Darktrace, the leader in Enterprise Immune System technology, has detected three insider threats that successfully bypassed traditional security tools, which could have resulted in serious cyber attacks and compromises.

Insider threat continues to grow in prevalence as traditional perimeter defenses fail to detect perpetrators already inside the network. As legitimate network users, insiders can furthermore cover their tracks and evade security teams more easily.

“Darktrace’s self-learning technology uncovers threats everyday across its 200-strong customer base, which go unnoticed by traditional security tools,” said Nicole Eagan, CEO at Darktrace. “Whether deliberate or not, the behaviors of employees and contractors can significantly endanger an organization. Businesses can address insider threats by using technology that proactively detects them and provides a measured response.”

It can take up to 230 days for a company to realize they have been breached and critical systems compromised.

Using machine learning and mathematics, developed by specialists from the University of Cambridge, ‘immune system’ technology spots emerging attacks that hide within noisy networks. By learning a network’s ‘pattern of life’, Darktrace’s Enterprise Immune System identifies emerging, abnormal behaviors, no matter how subtle. Unlike traditional security tools, Darktrace finds these threats without using rules or signatures.

Facebook Weapon in Data Leak Deceit

A bank in Italy, using Darktrace, experienced an insider threat, involving the large-scale exfiltration of sensitive data to a group of unidentified computers. Legitimate user credentials were used to send large volumes of data outside the organization via Facebook. The Enterprise Immune System detected anomalous behavior within three minutes, and issued a threat alert, which enabled the bank’s security team to curb the emerging threat.

Novel iMessage Abuse

An employee used iMessage to send copious information from an internal file server of a large entertainment company, outside the network. No rules or signatures could have pre-empted this attack. However, the company had complete visibility of their network using Darktrace and stopped the threat in time.

Trusted Supplier Compromises Power Plant Data

A major Australian power station detected a large-scale data transfer of sensitive information to a home router. Further investigation revealed this to be a third-party temporary contractor passing useful documentation back to his home storage device for subsequent use. Before activity was judged to be malicious or otherwise, Darktrace flagged the threat immediately, allowing the risk to be mitigated before any irreversible damage was done.

To learn more about threats detected by Darktrace’s Enterprise Immune System, visit www.darktrace.com/products.

Acerca de Darktrace

Nombrada "Pionera tecnológica" por el Foro Económico Mundial, Darktrace es una de las principales empresas de defensa contra las ciberamenazas del mundo. Su tecnología el Enterprise Immune System detecta en tiempo real amenazas no identificadas anteriormente, gracias al aprendizaje automático y a las matemáticas desarrolladas en la Universidad de Cambridge, que analizan el comportamiento de cada dispositivo, usuario y red dentro de una organización. Algunas de las mayores empresas del mundo confían en el dispositivo de aprendizaje automático de Darktrace en sectores como la energía y los servicios públicos, los servicios financieros, las telecomunicaciones, la sanidad, la fabricación, el comercio minorista y el transporte. La empresa fue fundada en 2013 por destacados especialistas en aprendizaje automático y expertos en inteligencia gubernamental, y tiene su sede en Cambridge (Reino Unido) y San Francisco, así como oficinas en Auckland, Boston, Chicago, Dallas, Londres, Los Ángeles, Milán, Bombay, Nueva York, París, Seúl, Singapur, Sídney, Tokio, Toronto y Washington D.C.