AI-driven Darktrace HEAL helps businesses manage cyberattacks

Darktrace has announced Darktrace HEAL, an AI-enabled product to help businesses prepare for, remediate, and recover from cyberattacks more effectively.  

HEAL provides security teams with abilities to simulate real attacks within their own environments, create bespoke incident response plans as cyber incidents unfold, and automate actions to rapidly respond to and recover from those incidents.

Security teams are expected to flawlessly manage incident response in the face of a live, rapidly unfolding, often novel attack, usually without any realistic practice. They are expected to make decisions quickly based on potentially hundreds of changing and uncertain data points and factors. 

In a recent ransomware incident*, analysts would have needed around 60 total hours of investigative work to build a complete understanding of the full scope and varied details, even though the malicious activity unfolded in10 hours. 

The pressure and complexity facing these teams is only poised to grow as generative AI tools enable attackers to increase the speed, scale, and sophistication of novel attacks. With the global average cost of a data breach reaching US$4.35 million in 2022**, the financial, operational and reputational stakes for businesses to remediate and recover quickly are high.

HEAL leverages Darktrace’s Self-Learning AI to give security teams new abilities designed to build cyber resilience and help them address live incidents more easily and confidently. With HEAL, security teams can:

· Simulate real-world cyber incidents, allowing teams to prepare for and practice their response to complex attacks on their own environments.

· Create bespoke, AI-generated playbooks as an attack unfolds based on the details of their environment, the attack, and lessons learned from their previous simulations. This reduces information overload, prioritises actions, and enables faster decision-making at critical moments.

· Automate actions from the response plan to rapidly stop and recover from the attack within the HEAL interface.

· Create a full incident report, including an audit trail of the incident response with details of the attack, actions HEAL suggested, and actions taken by the security team for future learning and to support compliance efforts.

HEAL’s simulated incidents are a first-of-its-kind capability for security teams to safely run live simulations of real-world cyberattacks ranging from data theft and ransomware encryption to rapid worm propagation, all in their own environments and involving their own assets.

When a live incident does occur, HEAL will use insights from Darktrace DETECT to create a picture of the attack and a bespoke, AI-generated, response playbook, built from Darktrace’s knowledge of the incident, the business’ environment, and lessons learned from the security team’s previous simulations. HEAL then recommends the priority order for remediation actions based on factors like further damage the compromised asset can cause, how much the attack is relying on that asset as a pivot or entry point, and its importance to the business. Consequently, security teams can adapt their defenses as an incident evolves, enabling them to end it more rapidly and with less overall disruption.

HEAL further enables security teams to quickly and efficiently manage and recover from live incidents by integrating with a variety of tools in a business’s wider security stack to automate actions. Within HEAL’s live playbooks, teams can activate and manage authorised tools from across their environment, from a single interface with a click of a button. At launch, HEAL will integrate with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam, and Acronis.

HEAL provides security teams with automated incident reports during and after an attack, providing provide analysis of the attacker and security team actions, decisions, containment, and recovery information to keep stakeholders updated as an event unfolds. After an attack, this can offer essential compliance information to third parties such as forensics teams, insurance providers, and legal teams and can be used to assist with reviews and learning lessons from the attack and the response.  

HEAL works with DETECT and Darktrace PREVENT to build a live picture of the environment and attack, and integrates with Darktrace RESPOND to prioritise, isolate, and heal key assets to cut off and shorten attacks. Its introduction closes Darktrace’s Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND, and HEAL into a single platform in which each element draws insights from and continuously reinforces the others to create a best-in-class cyberdefense.

Jack Stockdale, CTO Darktrace said: “At Darktrace, we build technology by looking at where AI can be the most valuable in augmenting the people in a security team and how it can have the most positive impact on their work. With HEAL, we’ve turned our attention to cyber resilience. We’re upskilling teams and reducing the overload analysts face during an attack, to help them recover and get back to business faster and more effectively.

“With the closing of Darktrace’s full Cyber AI Loop, security teams can maximise the time and talent of their human teams, enabling them to focus on critical and complex tasks with the knowledge that Darktrace AI is autonomously working in the background to prevent, detect, respond, and heal from cyberattacks in a continuous, reinforcing loop.”

Explore

Register for the Darktrace HEAL and the Darktrace Cyber AI Loop launch event on August 3.

*A Black Cat attack on a customer, identified by Darktrace’s Cyber AI Analyst in April 2023.

**IBM and Ponemon Institute, Cost of a Data Breach 2023.

Comments

Post a Comment

Popular posts from this blog

Fortinet enhances FortiRecon to align with CTEM framework

Fortinet, the global cybersecurity provider driving the convergence of networking and security, has turned the FortiRecon platform into a comprehensive solution aligned with the continuous threat exposure management (CTEM) framework. The latest release introduces expanded internal attack surface monitoring, adversary-centric dark web intelligence, and security orchestration, all in a unified platform. These enhancements help organisations proactively identify and prioritise real-world exposures, validate risks like an attacker would, and accelerate response. “CISOs and security teams are overwhelmed by growing attack surfaces and an endless stream of unprioritised alerts,” said Nirav Shah, Senior VP of Products and Solutions at Fortinet. “With the latest enhancements to FortiRecon , we’re giving organisations an attacker’s eye view of their internal and external exposures, backed by AI-powered threat intelligence from FortiGuard Labs, real-world validation, and automated response...
Read more

SentinelOne recognised as a 2025 Gartner Peer Insights Customers’ Choice for XDR

SentinelOne, a global provider of AI-powered security, has been named a Customers’ Choice in the 2025 Gartner Peer Insights ‘Voice of the Customer’ for Extended Detection and Response (XDR) report* – one of only two companies with this distinction. A hundred and forty-four users reviewed SentinelOne's Singularity Platform, and 97% said they would recommend the solution to respond to threats across endpoints with AI-powered security, while 97% rated the solution four stars or better.** “With the growing complexity of cyberthreats, organisations need more than siloed security—they need AI-powered, autonomous protection that delivers real-time detection and response across their entire attack surface. Customers have made it clear that SentinelOne’s XDR provides the intelligence, automation, and efficiency they need to stay ahead of threats and secure their environments with confidence,” said Ely Kahn, VP, Product Management, SentinelOne. Gartner defines extended detection and ...
Read more

AWS: AI adoption grows 20% in Singapore

Image
Amazon Web Services (AWS), an Amazon.com company, has found* that AI adoption continues to accelerate in Singapore. In the past year alone, 27,000 1 Singapore businesses adopted AI for the first time—equivalent to over three new adopters every hour. In sum, nearly 170,000 (48%) of businesses in Singapore have adopted AI 2 , up from approximately 143,000 (40%) a year ago. This represents a 20% year-over-year growth rate, AWS said. AI adoption is the strongest in the financial services industry (71%), followed by the technology sector ( software developers, data analytics firms, cloud service providers, and digital startups) at 70%, and healthcare at 63%. Among Singapore’s businesses that have adopted AI, 82% reported an increase in revenue, at an average increase of 19%, while 90% report significant productivity improvements. A large majority (85%) of those who have adopted AI say the technology is likely to increase their growth in the next year, and 89% expect an average of 17%...
Read more