Darktrace plc (LON:DARK), a global leader in cyber security artificial intelligence, has announced the general availability of Darktrace NewsroomTM, an AI-driven system that continuously monitors open-source intelligence sources for new critical vulnerabilities and assesses each organization’s exposure through its in-depth knowledge of their unique external attack surface. Darktrace’s knowledge of “self” means it can quickly assess which assets are potentially affected by the emerging critical vulnerability and can provide mitigation advice specific to the organization so that it stays protected.
New critical vulnerabilities, such as Log4J and ProxyLogon, make news headlines regularly and the average time to exploitation has shrunk to just fifteen days. Cyber security teams need to be able to quickly answer the question, “Are we vulnerable? And where?”. Traditional vulnerability management programs are typically resource intensive, involving the constant monitoring of security news feeds and intelligence sources. Meanwhile, exposure tests from vulnerability scanners take time, leaving IT security teams exposed in the absence of a quick initial indicator of their unique exposure to the emerging threat.
Darktrace Newsroom uses AI to monitor threat feeds and OSINT sources for new critical vulnerabilities and publishes them on the Darktrace PREVENT™ dashboard as part of the Newsroom feed. Newsroom shows a summary of the vulnerability, the affected software, and reveals how many assets have been found to run this software within the organization. This capability augments the human security team by quickly determining whether an organization is affected by a new vulnerability, alleviating lengthy, labor-intensive manual processes. Traditionally, security teams had to take longer periods of time to work out whether they were affected when a vulnerability emerged, allowing a window for aggressive, fast-moving attackers to breach their organizations, often within hours.
“From the moment a new vulnerability hits the headlines, it effectively sets off a ticking time-bomb which any security team will need to scramble to diffuse. The cadence of new vulnerabilities has made it impossible for human teams alone to keep up,” says Jim Webber, VP Enterprise Security and Fraud Management, Direct Federal Credit Union, a fast-growing, progressive financial co-operative which provides savings, loans and a range of services to its members located in the heart of the N2 Innovation District in Needham, MA. “As a security leader, the thing I want to know when a new vulnerability hits the headlines is, ‘Is my organization vulnerable? And if so, which assets are affected and how do I protect them?’ Historically, there was no way to do this quickly and accurately. Newsroom is a game-changer because it delivers those answers on a plate for you, fast.”
“Against the backdrop of rapidly expanding attack surfaces and rising numbers of new, critical vulnerabilities, Newsroom is a vital component in a security team’s arsenal of proactive capabilities,” commented Pieter Jansen, SVP of Cyber Innovation, Darktrace. “When news of a vulnerability hits, security leaders need to know how it affects them specifically before their CISO, or the Board, demands answers. This latest innovation shows our continued commitment to augmenting human capabilities by combining the intelligence of always-on, self-learning AI with the unique skills of human security teams.”
Darktrace Newsroom is part of the Darktrace PREVENT product family launched last summer.
For early adopters of the capability, Newsroom provided critical insights on several emerging vulnerabilities such as:
- An unauthenticated RCE vulnerability found in Citrix Gateway and Citrix ADC. This would allow attackers to remotely execute commands to place malware or other malicious code on a computer or network without any need for input from the victim.
- RCE flaw, often used in shadow IT, found in CentOS Web Panel 7 Servers which allows attackers to execute malicious commands during the login process.
- Unauthenticated remote code execution vulnerability affecting almost all Zoho ManageEngine products which is a blind spot for most organizations. In the worst-case scenario, attackers could use this vulnerability to gain complete control of the system running the product, pivot to other systems in the organization, dump credentials and deploy ransomware.
Successful exploitation of any one of these vulnerabilities can lead to data breaches with accompanying large fines. The insights provided by Darktrace Newsroom allowed the security teams to understand, within an average of two and a half hours, if and where on their attack surface those vulnerabilities were likely to manifest. As a result, these organizations were able to carry out timely mitigation actions and prevent any exploits.