Organizations need to demand more from email security
To address the increasingly complex threat landscape, organizations must move beyond defending their inboxes with traditional Secure Email Gateways (SEGs) and view email security as a key element of a defense-in-depth strategy. Organizations need more than a traditional gateway that duplicates, rather than replaces, the functionality provided by native security vendors, and they need parity across all messaging, including inbound email, outbound email, lateral email, and even Teams messages. Granular analysis is required.
Darktrace/Email is the industry's largest and most advanced cloud email security solution powered by self-learning AI. It combines AI technology to surpass the accuracy and efficiency of leading security solutions and is the only security solution built to enhance, rather than duplicate, native email security.
With our biggest update ever, Darktrace/Email introduces the following innovations, finally allowing security teams to look beyond the secure email gateway with autonomous AI.
- Stop all outbound email threats with AI-powered data loss prevention
- An easy way to quickly deploy DMARC using AI
- Significant enhancements to streamline SOC workflows and increase detection of advanced phishing links
- Extending Darktrace’s core AI defenses to lateral email, account compromise, and Microsoft Teams
New features in Darktrace/Email
Data loss prevention
Advanced data loss prevention features, built on native email tags, stop all outbound email threats and prevent unknown, accidental, and malicious data loss.
Darktrace uses proven AI that detects anomalous user behavior and dynamic changes in content to understand normal behavior at the individual user, group, and organizational level. Using this understanding, Darktrace/Email addresses outbound email and prevents unknown, accidental, and malicious data loss.
Traditional DLP solutions consider only sensitive data and depend on manual input to label each piece of data, or on rules that detect pattern matches, to try to stop certain types of data from leaving your organization. However, in today's world of constantly changing data, regular expressions and fingerprint detection are no longer sufficient.
- Human error – Darktrace/Email understands normal behavior for all users and can recognize cases of emails sent in error. Even if the data is labeled correctly or has no impact on the data, Darktrace recognizes when the context in which the data is sent may lead to data loss and warns the user.
- Unclassified data – Traditional DLP solutions can only take action on sensitive data, but Darktrace understands the content and context of every email, allowing it to analyze the range of data that is pending labels or that cannot be labeled with normal functionality.
- Insider threat – If a malicious attacker compromises your account, they may attempt to exfiltrate encrypted intellectual property or other forms of unlabeled data to avoid detection. Darktrace analyzes user behavior to detect unusual cases of data leakage from individual accounts.
And the classification efforts already in place are not wasted. Darktrace/Email extends Microsoft Purview policies and sensitivity labels to avoid duplicating security team workflows and combines the best of both approaches to help organizations maintain control and visibility of their data.
End user and security workflow
Over 60% improvement in end-user phishing report quality and advanced malicious web link detection [1]
Darktrace/Email radically improves reporting capabilities for end users and saves resources for security teams. Employees will always be at the forefront of email security. While other solutions assume that the quality of end-user reports will automatically be poor, Darktrace prioritizes increasing user security awareness so that end users improve the quality of their reports from day one.
Users can now assess and report suspicious activity using contextual banners and Cyber AI Analyst-generated narratives about potentially suspicious emails, reducing the number of benign emails reported by 60%.
For the high-quality emails that do end up being reported, the next step is to reduce the number of emails that reach the SOC. Darktrace/Email's Mailbox Security Assistant automates triage with secondary analysis combined with additional behavioral signals, uses 20x more metrics than before, and uses advanced link analysis to detect 70% more malicious phishing links [2]. This directly reduces the manual triage burden for security analysts.
For emails received by the SOC, Darktrace/Email uses automation to reduce the time it takes to investigate each incident. With a live inbox view, security teams have access to a centralized platform that combines intuitive search capabilities, Cyber AI Analyst reports, and mobile application access. An analyst can perform remediation actions from within Darktrace/Email, eliminating console hopping and speeding incident response.
Microsoft Teams
Detect threats such as account compromise, phishing, malware, and data loss within your Teams environment.
Approximately 83% of Fortune 500 companies rely on Microsoft Office products and services, particularly Teams and SharePoint [3].
Darktrace leverages the same behavioral AI technology for Microsoft customers in Microsoft 365 and Teams, enabling organizations to detect threats and indicators of account compromise within their Teams environments, including social engineering, malware, and data loss.
The primary use case for Microsoft Teams protection is as a potential intrusion vector. Messaging has traditionally been internal, but as organizations open up, it's becoming a vector of entry that requires the same level of care as email. That's why we're bringing a proven AI approach to Microsoft Teams that understands the user behind the message.
Abnormal messaging behavior is also a very important indicator of whether a user has been compromised. Unlike other solutions that focus on the payload and analyze Microsoft Teams content, Darktrace goes beyond basic link and sandbox analysis to examine actual user behavior from both a content and context perspective. This linguistic understanding is not bound by the requirement to match the signature to a malicious payload, but rather focuses on the context in which the message was delivered. From this analysis, Darktrace can identify early symptoms of account compromise, such as early stage social engineering before the payload is delivered.
Lateral email analysis
Detect and respond to internal email flows with multi-layered AI to prevent account takeover, lateral phishing, and data leaks.
With the industry's most robust account takeover protection, you can now prevent lateral compromise of your email accounts. Darktrace has always monitored internal emails to inform incoming and outgoing decisions, and now the same AI technology used for incoming, outgoing, and Teams analysis will monitor suspicious lateral email behavior.
Unlike other solutions that only analyze the payload, Darktrace analyzes a full range of signals to capture lateral movement before the payload is delivered. By adding yet another layer to each user's AI behavioral profile, security teams can now use signals from lateral emails to identify early symptoms of account takeover and take autonomous actions to prevent further breaches.
DMARC
The industry's first AI-assisted DMARC gives you greater visibility and control over the third parties using your domain.
Darktrace has created the easiest path to brand protection and compliance with the new Darktrace/DMARC. This new feature continuously prevents spoofing and phishing from corporate domains, while automatically increasing email security and reducing attack surface.
Darktrace/DMARC helps businesses upskill by providing step-by-step guidance and a path to clear and efficient enforcement with automated record recommendations. This allows organizations to quickly achieve compliance with the requirements of Google, Yahoo, etc. and ensure that emails reach the mailbox.
Meanwhile, Darktrace/DMARC provides visibility into shadow IT and third-party vendors sending on behalf of your organization's brand, and notifies recipients when emails from your domain come from an unauthorized DMARC source, reducing the overall attack surface.
Darktrace/DMARC integrates with the broader Darktrace product platform to share insights to further secure your business across email attack path and attack surface management.
All new updates to Darktrace/Email are built within the new Darktrace ActiveAI security platform, creating a feedback loop between email security and the rest of your digital assets for added protection.
References
[1] Internal Darktrace research
[2] Internal Darktrace research
[3] Important Microsoft Office statistics for 2024