Darktrace Artificial Intelligence Helps Leading Laboratory To Prevent An Insider Threat

Fremont, CA: Darktrace’s self-learning AI helped a prominent laboratory specializing in vitro diagnostics successfully stop an insider threat.

The company, which employs over 3000 people worldwide and has laboratories, offices, and distribution centers in over 100 countries, specializes in discovering, developing, and manufacturing novel in vitro diagnostic tests for disease, disorders, and infections. In addition, Darktrace detects, responds, and investigates the organization's capabilities to defend against in-progress attacks early.

Darktrace technology, powered by self-learning AI, develops an understanding of the company's typical activities. It may then autonomously interrupt in-progress attacks, from initial entrance via sophisticated spearphishing emails to brute-forced remote desktop protocol (RDP), command-and-control, and lateral movement, all without disrupting business.

Darktrace's Self-Learning AI discovered an inside device connecting with the Tor network through an intermediary web service in one case. Tor is an open-source privacy network that allows users to browse the internet anonymously by routing data flow through many servers worldwide. While it is not entirely malevolent, it has been linked to non-business or even illegal content browsing.

The device was linked to a darknet forum about the pharmaceutical industry. Darktrace AI identified this to the security team as unusual because no other device within the organization has ever visited the Tor network. The security team was allowed to make key judgments that required business context because the AI took care of early detection and micro-level decisions.

The internal security team said this was most likely an insider looking to sell the confidential intellectual property or possibly medical supplies on the darknet.

"Malicious or compromised insiders can be difficult to identify since their privileged access and understanding of corporate operations allows them to elude detection by typical security solutions," said Toby Lewis, Darktrace's Global Head of Threat Analysis. "To safeguard intellectual property from insider threats, enterprises must supplement security staff with AI-powered technologies that can detect and stop harmful activities in real time."