Darktrace is a name you’ll find on the McLaren Formula 1 car, but many in the Cyber Security industry will recognise the name as a leader in AI-powered cybersecurity services. Today Darktrace announced the general availability of Darktrace Newsroom.
This service continuously monitors open-source intelligence sources for new critical vulnerabilities and assesses each organization’s exposure through its in-depth knowledge of their unique external attack surface. Darktrace’s knowledge of “self” means it can quickly assess which assets are potentially affected by the emerging critical vulnerability and can provide mitigation advice specific to the organisation so that it stays protected.
New critical vulnerabilities, such as Log4J and ProxyLogon, make news headlines regularly and the average time to exploitation has shrunk to just 15 days. Cyber security teams need to be able to quickly answer the question, “Are we vulnerable? And where?”.
Traditional vulnerability management programs are typically resource intensive, involving the constant monitoring of security news feeds and intelligence sources. Meanwhile, exposure tests from vulnerability scanners take time, leaving IT security teams exposed in the absence of a quick initial indicator of their unique exposure to the emerging threat.
Darktrace Newsroom uses AI to monitor threat feeds and OSINT sources for new critical vulnerabilities and publishes them on the Darktrace PREVENT dashboard as part of the Newsroom feed. Newsroom shows a summary of the vulnerability, the affected software, and reveals how many assets have been found to run this software within the organisation.
This capability augments the human security team by quickly determining whether an organisation is affected by a new vulnerability, alleviating lengthy, labour-intensive manual processes. Traditionally, security teams had to take longer periods of time to work out whether they were affected when a vulnerability emerged, allowing a window for aggressive, fast-moving attackers to breach their organisations, often within hours.
Darktrace Newsroom is part of the Darktrace PREVENT product family launched last year.
For early adopters of the capability, Newsroom provided critical insights on several emerging vulnerabilities such as:
- An unauthenticated RCE vulnerability found in Citrix Gateway and Citrix ADC. This would allow attackers to remotely execute commands to place malware or other malicious code on a computer or network without any need for input from the victim.
- RCE flaw, often used in shadow IT, found in CentOS Web Panel 7 Servers which allows attackers to execute malicious commands during the login process.
- Unauthenticated remote code execution vulnerability affecting almost all Zoho ManageEngine products which is a blind spot for most organisations. In the worst-case scenario, attackers could use this vulnerability to gain complete control of the system running the product, pivot to other systems in the organisation, dump credentials and deploy ransomware.
Successful exploitation of any one of these vulnerabilities can lead to data breaches with accompanying large fines. The insights provided by Darktrace Newsroom allowed the security teams to understand, within an average of two and a half hours, if and where on their attack surface those vulnerabilities were likely to manifest. As a result, these organisations were able to carry out timely mitigation actions and prevent any exploits.