Cybersecurity vendor Darktrace has announced the release of Darktrace HEAL, the firm’s latest AI-enabled product designed to help businesses prepare for, remediate, and recover from cyberattacks. HEAL provides security teams with the ability to simulate real attacks within their environments, create bespoke incident response plans as cyber incidents unfold, and automate actions to respond to and recover from incidents, Darktrace said. HEAL integrates with Darktrace’s other solutions – DETECT, PREVENT, and RESPOND – closing its so called “Cyber AI Loop” built on resilience across the cyber lifecycle, according to the vendor.
Quick and effective incident response remains a significant challenge for security teams often burdened by evolving attack patterns, changing and uncertain data points, and resource issues. The latest Cost of a Data Breach Report from IBM Security revealed that organizations that employ both an incident response team and response plan testing identify breaches 54 days faster than those with neither. Meanwhile, organizations that extensively use security AI and automation identify and contain a breach 108 days shorter than those with no use. Furthermore, organizations that use threat intelligence identify breaches 28 days faster than those that do not, according to the report.
HEAL uses attack simulations to help businesses prepare for real incidents
HEAL’s simulated incidents allow security teams to safely run simulations of real-world cyberattacks such as ransomware, data theft, and worm propagation, within their own environments and involving their own assets, Darktrace said in a press release. These exercises provide teams the opportunity to experience how attacks would impact the business and fine tune their responses, instead of running incident response for the first time amid real, live attacks, the firm added.
When a real incident does occur, HEAL uses lessons learned from previous simulations along with knowledge of an organization’s environment and insights from DETECT to create a picture of the attack, as well as an AI-generated response playbook, Darktrace said. The solution then recommends the priority order for remediation actions based on factors like further damage the compromised asset can cause, how much the attack is relying on that asset as a pivot or entry point, and its importance to the business, it added.
HEAL integrates with other tools for automated remediation, creates live incident reports
HEAL also automates remediation actions via integration with tools in a business’s security stack and provides incident reports during and after an attack, Darktrace said. At launch, the solution integrates with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam, and Acronis, with further integrations planned. The reports HEAL generates provide analysis of the attacker and security team actions, decisions, containment, and recovery information as an event unfolds, Darktrace stated. After an attack, this information offers essential compliance data to third parties such as forensics teams, insurance providers, and legal teams, it said.