Introduction

In an era of fast-moving and ever-changing attacks, with shrinking dwell times and increasingly stretched security teams, detection alone is not enough, and technology which can respond to emerging attacks has become a necessity in stopping cyber disruption.

Darktrace Antigena uses its evolving understanding of ‘self’ for everyone and everything in the business to make split-second decisions and take targeted action, interrupting ongoing attacks without impacting normal business operations.

In what follows, we explore how ransomware unfolds with and without Autonomous Response.

In the first four scenarios, Darktrace was being trialled and so Darktrace Antigena was not set up in Active Mode where it can act autonomously. In these cases, the attack was either allowed to continue, or it was stopped only due to timely human intervention. The latter two scenarios demonstrate what happens when Antigena is set up to autonomously respond to an emerging attack.

Without Autonomous Response

The early signs of ransomware: A blitz game

At a Canadian defense contractor, an attacker gained access to a server by obtaining an administrator’s credentials, and began to spread laterally using WMI commands. However, the unusual and suspicious chain of events was immediately detected by Darktrace’s AI, and in Active Mode Autonomous Response would have interrupted the attack immediately.

To read the full report, download the whitepaper:

How ransomware unfolds with and without Autonomous Response
