
Laboratory thwarts insider threat with Darktrace AI

Posted 21 March 2022

A leading laboratory specialising in in vitro diagnostics has successfully stopped an insider threat with the help of Darktrace's self-learning AI.



Image courtesy Darktrace

The company, which has laboratories, offices and distribution centres in over 100 countries worldwide and more than 3,000 employees, specialises in the research, development and manufacturing of innovative in vitro diagnostic tests for diseases, conditions and infections. The organisation uses Darktrace's detect, respond and investigate capabilities to defend against in-progress attacks at an early stage.

Powered by Self-Learning AI, Darktrace technology develops an understanding of normal operations for the company. From this understanding, it can then autonomously interrupt in-progress attacks at every stage, from the initial entry with sophisticated spearphishing emails to brute-forced remote desktop protocol (RDP), command-and-control and lateral movement, all without business disruption.

In one instance, Darktrace's Self-Learning AI detected an internal device communicating with the Tor network via an intermediary web service. Tor is an open-source privacy network that enables anonymous web browsing by guiding data traffic through different servers, located all over the world. Whilst it is not wholly malicious, it can be associated with the browsing of non-business or even illegal content.

The device was connecting with a darknet forum relating to the pharmaceutical market. Given that no other device within the organisation had visited the Tor network in the past, Darktrace AI flagged this to the security team as out of the ordinary. With the AI taking care of early detection and making micro-level decisions, the security team was freed to make the important decisions that required business context.

The internal security team later found that this was likely an insider looking to sell proprietary intellectual property or even medical supplies on the darknet.

"Malicious or compromised insiders can be difficult to identify because their privileged access and knowledge of company workings allows them to evade detection by traditional security tools," commented Toby Lewis, Global Head of Threat Analysis, Darktrace. "In order to protect intellectual property from insider threat, organizations need to augment security teams with AI-powered technology to stop malicious activity in real time at the moment of detection."

 

 
