Darktrace Newsroom shortens cyber action timescales
Image courtesy Darktrace
Darktrace’s knowledge of 'self' means it can quickly assess which assets are potentially affected by the emerging critical vulnerability and can provide mitigation advice specific to the organisation so that it stays protected.
New critical vulnerabilities, such as Log4J and ProxyLogon, make news headlines regularly and the average time to exploitation has shrunk to just 15 days. Cyber security teams need to be able to quickly answer the question, 'Are we vulnerable? And where?'. Traditional vulnerability management programmes are typically resource intensive, involving the constant monitoring of security news feeds and intelligence sources. Meanwhile, exposure tests from vulnerability scanners take time, leaving IT security teams exposed in the absence of a quick initial indicator of their unique exposure to the emerging threat.
Darktrace Newsroom uses AI to monitor threat feeds and OSINT sources for new critical vulnerabilities and publishes them on the Darktrace PREVENT dashboard as part of the Newsroom feed. Newsroom shows a summary of the vulnerability, the affected software and reveals how many assets have been found to run this software within the organisation.
This capability augments the human security team by quickly determining whether an organisation is affected by a new vulnerability, alleviating lengthy, labour-intensive manual processes.
Traditionally, security teams had to take longer periods of time to work out whether they were affected when a vulnerability emerged, allowing a window for aggressive, fast-moving attackers to breach their organisations, often within hours.
Jim Webber, VP Enterprise Security and Fraud Management, at Direct Federal Credit Union, said: “From the moment a new vulnerability hits the headlines, it effectively sets off a ticking time-bomb which any security team will need to scramble to diffuse. The cadence of new vulnerabilities has made it impossible for human teams alone to keep up.
“As a security leader, the thing I want to know when a new vulnerability hits the headlines is, ‘Is my organisation vulnerable? And if so, which assets are affected and how do I protect them?’. Historically, there was no way to do this quickly and accurately. Newsroom is a game-changer because it delivers those answers on a plate for you, fast.”
Pieter Jansen, SVP of Cyber Innovation, Darktrace, said: “Against the backdrop of rapidly expanding attack surfaces and rising numbers of new, critical vulnerabilities, Newsroom is a vital component in a security team’s arsenal of proactive capabilities.
“When news of a vulnerability hits, security leaders need to know how it affects them specifically before their CISO, or the Board, demands answers. This latest innovation shows our continued commitment to augmenting human capabilities by combining the intelligence of always-on, self-learning AI with the unique skills of human security teams.”
Darktrace Newsroom is part of the Darktrace PREVENT product family launched last summer. For early adopters of the capability, Newsroom provided critical insights on several emerging vulnerabilities such as:
- An unauthenticated RCE vulnerability found in Citrix Gateway and CitrixADC. This would allow attackers to remotely execute commands to place malware or other malicious code on a computer or network without any need for input from the victim.
- RCE flaw, often used in shadow IT, found in CentOS Web Panel 7 Servers which allows attackers to execute malicious commands during the login process
- Unauthenticated remote code execution vulnerability affecting almost all Zoho ManageEngine products which is a blind spot for most organisations. In the worst-case scenario, attackers could use this vulnerability to gain complete control of the system running the product, pivot to other systems in the organisation, dump credentials and deploy ransomware.
Successful exploitation of any one of these vulnerabilities can lead to data breaches with accompanying large fines. The insights provided by Darktrace Newsroom allowed the security teams to understand, within an average of two and a half hours, if and where on their attack surface those vulnerabilities were likely to manifest. As a result, these organisations were able to carry out timely mitigation actions and prevent any exploits.
