Modern companies have large numbers of employees, who use multiple SaaS accounts to access multiple services, from multiple devices, in multiple time zones.
As these companies continue to expand, and continue to embrace cloud computing, it is becoming exceedingly difficult to stop cyber-attacks before significant damage is done. Companies can no longer rely on network-monitoring tools to direct human intervention and must embrace a different approach.
Darktrace Antigena is an autonomous-response platform that can act from anywhere inside an organization’s network infrastructure: on user devices, network devices, SaaS accounts, and on email messages.
However, for an autonomous-response platform to be effective, it needs to understand the various aliases and behaviors that represent a single “user”.
Antigena is underpinned by “context-gathering” technologies in Darktrace SaaS and Cloud Modules that retrieve data about users’ devices, roles, or departments, among other contextual markers, and associate disparate entities.
By developing this “meta” identity, it is possible to identify a threat in one SaaS service and autonomously respond in the same service, another service, or in many. In response to an unusual login attempt on an IDaaS provider, Antigena can temporarily shut down the user’s Zoom account — to prevent the attacker performing social engineering — and disable the user’s Google Workspace account — to prevent data exfiltration.
This approach is well suited to a dynamic and expanding problem and can stop cyber-attacks before they have done significant damage. Although Antigena will have to include new services as they emerge, such as Zero Trust and endpoint, the approach of understanding the user’s behavior and responding to a threat in all relevant technologies will not need to change.