Darktrace Masters the Art of Storytelling With Cyber AI Analyst

The cybersecurity talent shortage is a pressing concern for organizations today. We are set to hit 3.4 million unfilled positions by 2021, with 500,000 of those vacancies in North America alone. To offload some of the incident management responsibilities from InfoSec practitioners, Darktrace introduced a “Cyber AI Analyst” in September 2019. The Cyber AI Analyst is a new feature in Darktrace's flagship product, the Enterprise Immune System, and it functions as an “extra body” to intelligently create reports of suspicious activity on the company network that is worthy of investigation. The report uses language that reads as if it was written by a human and highlights the most relevant information so that IT can provide conclusions to their executives.

Our Take

We obtained a demo of the technology with the interest of seeing how the Cyber AI Analyst feature worked, and it was impressive. The AI Analyst opened in a separate Incident Tray, with a list of the most pressing incidents at the bottom of the screen. Clicking on one of the incidents on the list opened a report on a suspicious file download accessed from an external endpoint.

The report contained a brief summary, a timeline of the incident from detection, connection information, and more details on the incident. While it was a detailed report, the brief summary at the top of the report effectively provided a quick rundown of the situation. The summary used terms that were understandable even to a nontechnical professional and provided insights without requiring a look at the details, including actionable recommendations on how to ensure systems were fully recovered from the incident. Additionally, we were shown how to translate the report into any language and even export it into a visually appealing, ready-for-management report.

Above: Image of Darktrace Threat Visualizer

Above: Image of Darktrace Incident Log

It can take several hours for a security analyst to compile information and create a report like the one Darktrace offers. Having a Cyber AI Analyst that can create reports quickly and at scale isn’t entirely necessary to securing your organization. However, you can certainly benefit from the offloaded task of synthesizing information and creating reports.


Want to Know More?

Develop and Implement a Security Incident Management Program