Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide

Darktrace brings AI-enabled capabilities to HEAL

Darktrace today announced the launch of Darktrace HEAL, its AI-enabled product to help businesses more effectively prepare for, rapidly remediate and recover from cyber-attacks.

HEAL provides security teams with unique abilities to simulate real attacks within their own environments, create bespoke incident response plans as cyber incidents unfold, and automate actions to rapidly respond to and recover from those incidents.

Managing emerging cyber-attacks presents an enormous challenge for security teams, who must make decisions quickly in the heat of the attack based on potentially hundreds of changing and uncertain data points and factors. In a recent ransomware incident, analysts would have needed around 60 total hours of investigative work to build a complete understanding of the full scope and varied details, yet the malicious activity unfolded across just 10 hours. The pressure and complexity facing these teams are only poised to grow as generative AI tools enable attackers to increase the speed, scale, and sophistication of novel attacks. With the global average cost of a data breach reaching $4.35 million in 2022, the financial, operational and reputational stakes for businesses to remediate and recover quickly are high.

HEAL leverages Darktrace's Self-Learning AI to give security teams new abilities designed to build cyber resilience and help them more easily and confidently address live incidents. With HEAL, security teams can:

  • Simulate real-world cyber incidents, allowing teams to prepare for and practice their response to complex attacks on their own environments.
  • Create bespoke, AI-generated playbooks as an attack unfolds based on the details of their environment, the attack, and lessons learned from their previous simulations. This reduces information overload, prioritises actions and enables faster decision-making at critical moments.
  • Automate actions from the response plan to rapidly stop and recover from the attack within the HEAL interface.
  • Create a full incident report, including an audit trail of the incident response with details of the attack, actions HEAL suggested, and actions taken by the security team for future learning and to support compliance efforts.

Transforming readiness with incident simulations

HEAL's simulated incidents are a first-of-its-kind capability for security teams to safely run live simulations of real-world cyber-attacks, ranging from data theft and ransomware encryption to rapid worm propagation, all in their own environments and involving their own assets. Security teams are expected to flawlessly manage incident response in the face of a live, rapidly unfolding, often novel attack, usually without any realistic practice. HEAL enables teams to get real-world experience managing attacks as they would happen to the business and regularly practice these procedures to help fine-tune their responses. That means teams aren't running their incident response for the first time in the face of a real, live attack.

Transforming Incident Response with Bespoke, AI-Generated Playbooks

When a live incident does occur, HEAL will use insights from Darktrace DETECT to create a picture of the attack and a bespoke, AI-generated response playbook, built from Darktrace's knowledge of the incident, the business's environment, and lessons learned from the security team's previous simulations. HEAL recommends the priority order for remediation actions based on factors like further damage the compromised asset can cause, how much the attack is relying on that asset as a pivot or entry point, and its importance to the business. Consequently, security teams can adapt their defences as an incident evolves, enabling them to end it more rapidly and with less overall disruption.

Neal Mohammed, Head of Technology at real estate leader Rudin Management said: "The reality is that sets of manual incident response playbooks don't last very long. These days they may be outdated 24 hours after they are created, because the cyber landscape is just changing so rapidly. We constantly have to revise them because there are so many things we may not be thinking of. Moreover, these playbooks assume you have a controlled environment, which is not the case when an attack occurs. Utilising Darktrace's AI solutions really ends the need for these coarse static playbooks."

Transforming recovery

HEAL further enables security teams to quickly and efficiently manage and recover from live incidents by integrating with a variety of tools in a business's wider security stack to automate actions. Within HEAL's live playbooks, teams can activate and manage authorised tools from across their environment from a single interface, with a click of a button. At launch, HEAL will integrate with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam and Acronis.

HEAL provides security teams with automated incident reports during and after an attack, giving teams valuable time back that is normally spent writing detailed updates. The reports provide analysis of the attacker and security team actions, decisions, containment, and recovery information to keep stakeholders updated as an event unfolds. After an attack, this can offer essential compliance information to third parties such as forensics teams, insurance providers and legal teams and can be used to assist with reviews and learning lessons from the attack and the response.

Closing the Cyber AI Loop

HEAL works with DETECT and Darktrace PREVENT to build a live picture of the environment and attack, and integrates with Darktrace RESPOND to prioritise, isolate and heal key assets to cut off and shorten attacks. Its introduction closes Darktrace's Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND and HEAL into a single platform in which each element draws insights from and continuously reinforces the others to create a best-in-class cyber defence.

Jack Stockdale, Chief Technology Officer, Darktrace said: "At Darktrace, we build technology by looking at where AI can be the most valuable in augmenting the people in a security team and how it can have the most positive impact on their work. With HEAL, we've turned our attention to cyber resilience. We're upskilling teams and reducing the overload analysts face during an attack, to help them recover and get back to business faster and more effectively.

"With the closing of Darktrace's full Cyber AI Loop, security teams can maximise the time and talent of their human teams, enabling them to focus on critical and complex tasks with the knowledge that Darktrace AI is autonomously working in the background to prevent, detect, respond and heal from cyber-attacks in a continuous, reinforcing loop."

 


 
