My name is Paul Fisher, by the way, just to introduce myself. So what is, what does Darktrace do?
Like what, what does it special like our AI is focusing to stay ahead of the ransomware, no matter how novel the threat is, our goal is. And what is really remarkable is that we are the only AI basically in the game that doesn't need to know about the past to protect you in the future. What I mean by that is that we focus on your environment, on your infrastructure to learn, you know, you and yourself, your IT, and to use this knowledge, to understand when something new is coming. Right?
So, because our goal is to even detect threats that are unique to your environment without having any knowledge about them beforehand. And that's basically, you know, how Darktrace works, and that's why our AI is capable of protecting you.
But, you know, today we talk about ransomware and that ransomware is a threat. It's a problem. It is nothing new. I think we've heard it.
You know, we've known it for years to be a problem. However, what is quite remarkable is that even though it has been a problem for a while already, we don't really see any improvements. To be honest, it feels like it's getting worse, the situation, right?
So, you know, that's why there is a need to, to basically try something new, to be honest, if we, if we look around, right, just recently, especially in Germany, we have had some cases that were big, pretty big in the news. And if we look at those, you know, it's the problem with ransomware is that the attack game has changed as well, right? Because we have seen that ransomware has changed the way it is deployed, whether it's a double-threat ransomware where data exfiltration and encryption go hand in hand. So no matter what you do, you have a problem.
We see ransomware as a service where even a low-level actor can get access to very highly sophisticated ransomware and use that to, to make a remarkable impact on companies. And we see that even legacy ransomware is used, but just in a manner where it's very targeted to you, to your environment, to your employees, and it's being used to get into your system through those kind of social engineering methods. And that's why we have developed our AI to fight back. So Darktrace uses the self-learning approach to get a sense of self for your IT.
We expose, expose our AI to your environment, to use this kind of understanding for seeing anomalies, right? Knowing those, because we do not believe that we can tell the future. So as we can't tell the future, it's, it's really a hard game to sell to, to, to know what, how a problem will look like tomorrow next week, next month. And that's why we want to know how you look like how your environment looks like to then be able to tell you that there's something so that we can learn from you to new and see the difference in those kind of fields.
However, what we have also seen is, and you know, many have talked about it already, is that for IT teams, it's, it's very difficult to be efficient, right? To be most of the times, teams do not really have the time, the resources to, to go through a multi-day multi-level attack cycle and see, you know, where something has come from, where it went, you know, and to piece those things together, it's very complicated, time consuming. And you know, it might be that the teams are stretched because of projects.
It might be that there's a lack of visibility so that you can't really follow through the different parts of your infrastructure. And that's why we have developed the Cyber AI Analyst. The Cyber AI Analyst, you know, uses our understanding to put those pieces together, to not show you individual incidents, but to show you the attack life cycle, where has it started, who was involved so that it gives you very good insights into what to focus on, you know, where a real threat is emerging and where it has spread to, which steps have already been taken.
What the development of this attack is here to, to make it easy for the teams to tackle a problem, to reduce the noise and make it focused approach about it. So what does it mean in reality here? Let me introduce you to a Sodinokibi ransomware attack ascribed to the group REvil, and you know, one thing that, that, that, you know, gets visible right away, or that, that, that basically jumps into your face is if we look at the timeframe, we talk about an attack that has lasted for three weeks, right?
Three weeks where the traditional tools were not able to prevent it, to see it, to stop it. What we can also see is that in this case, the attacker was very, very confident that once inside the system, they would have the time and ability to move, to change up, to avoid maybe traps. They were being pulled out to avoid the traditional systems in place to protect you because they felt that they were un-, that they could not be seen.
Darktrace, however, you know, through our AI saw each of those steps, you know, could say, okay, here, there's initial compromise. You know, we see data exploration, we see lateral movement. We see how the tool, like how somebody's moving through your network. And each of those steps could be detected because our AI knew that that was something, you know, in the, that was weird for the system. So even if the attacker next time changes up the way they, they, they penetrate your system, doesn't really matter to Darktrace because we don't work with those rules or signatures, but we see what is normal for you.
And then we see this is not normal for you. However, you know, we have also said time is a problem, right? So what does the AI Analyst that we talked about before do? It shows immediately to the entire team, even though it's a three-week-long process, you know, where has it started?
Where, what has happened, which devices were involved, how much data was exfiltrated. And you know, here on this, if we look at it, it's also something we see this from the, we see the entire life cycle, but we also see that here, we see a data repeated connection, and we see that Darktrace flags this connection. Not because we know this site to be bad, because then the firewall would've caught it already, but we see it's a rarity. No one has ever communicated before with this website in the entire infrastructure.
And that's basically how Darktrace can tell it. You know, the good thing is the AI Analyst works on scale. So it doesn't really matter how severe, how broad, how long the attack is.
You know, whenever there's new information, it's added to the system, analyzed and put into the incident if it belongs together. But we also know sometimes one minute, you know, if one, one look would've sufficed to see there's something happening. Sometimes this one minute is not what we have, right? It might be that it's after hours. It might be that it's weekend. It might be that the team is stretched by many projects going on simultaneously, you know, sick leave, whatever.
So sometimes we just don't have the luxury to have this one minute to look into it, or just sometimes the ransomware can also be very, very fast. And that's why Darktrace has developed autonomous response. Autonomous response is our answer.
The, the AI fights back, we use autonomous response to stop, you know, attacks from happening. And we, as we are not really confined by rules and signatures, we can change with the attack lifecycle. We can change with, even if the attacker decides to now they'll go a different route because the first route was stopped by us. Doesn't matter. The AI uses the understanding of your infrastructure to take precise reactions to the threats and to the anomalies we see.
And, you know, but that's nice in theory, let's look at how it looks like if we look at, at a case. So let me introduce you to a ransomware attack being stopped by Darktrace's AI. In this case we had ransomware going through a system, you know, and they used a zero-day exploit. But you know, as we've learned before, Darktrace doesn't really care whether it's a zero day or not, we don't really care where it comes from, what it is based on. We just see for this, in the example, you know, that we have seen different in the network. Those dots mean Darktrace saw anomalies.
And we also see that we immediately respond to this suspicious ransomware SMB activity. The thing is, you know, and that's sometimes we see within seconds, Darktrace is able to react to it, stop it, you know, and to basically use our knowledge of our, of the, of the IT, and to use our knowledge about the anomaly, to say, we don't want this SMB activity at this moment. And not because SMB is necessarily bad, but SMB is in this context bad. And that's something Darktrace always tries to do is we bring context to a situation, right?
Because there are many things that happen that are neither good, nor bad, but only the context tells you whether, whether it's really bad or not. You know, you, you, you move around data within your network or within your IT all the time. You answer emails, you click on emails, always, right? You click on links on emails, but if it's a legitimate link, it's good. If it's an illegitimate one, it's bad. And what the like to tell the difference, you know, whether something is good or bad, that's where context comes into place.
And that's where our AI can focus on it, to give the teams the chance to, to use the context gathered by the AI, to take a very precise reaction to the attack, to, to use also the knowledge to stop this attack within the first steps. So, yeah, this is basically how Darktrace uses our understanding of your IT infrastructure.
What's very important to know is also that Darktrace is, and that's something, you know, we are not focused on one part, you know, Darktrace is extending this approach and this understanding to the entirety of your IT, whether we talk about, you know, user base, whether we talk about SaaS applications, the cloud, the email, or the very traditional network, where you still have the things on-prem, it doesn't really matter to Darktrace where you sit, it only matters to us, you know, that we see it and that we can react there and that we can help the teams to actually have the time to have the luxury, to investigate, to investigate precisely and to also have the backup of a system that can go wherever the attack life cycle leads you to.
Right. So that it doesn't really matter to us how it is changing and what the future will bring because our AI approach will help you to create actually against it. And yeah. So by that, I would like to open the floor for some open questions here.