Recent Political Events & Darktrace Governmental Cyber AI Programme 

One of the main points of discussion in the recent meeting between Russian president Vladimir Putin and U.S president Joe Biden was the Cybersecurity space. The leaders seemed to agree on an alliance in order to combat ransomware attacks targeting critical infrastructure. In response, NATO has drawn up a new Cyber Defence Policy which has been backed after a summit in Brussels.

This policy has brought to light the importance of cybersecurity and the advancements that hacking organisations have made being able to target the most powerful Governments and entities in the world.

Our partners Darktrace have been at the forefront of this problem with government organisations all over the world, including here in Malta. Having deployed the technology to safeguard their environment. Darktrace uses AI to detect and respond to novel and sophisticated threats – from fast-moving ransomware to low-and-slow data ex-filtration.

Darktrace protects more than 270 government and defence organizations globally:

✔ Detects in-progress attacks with
self-learning AI technology.

✔ Stops emerging cyber-threats in
an average of 2 seconds.

✔ Reduces time to meaning by up
to 92%.

Primary Security Challenges

The task of sustaining normal functionality amid a global pandemic has considerably strained governments on a local, state, and national level. Alongside ensuring that public services and infrastructure – such as utilities, healthcare, and transportation – remain operational, governmental bodies have had to contend with additional challenges: implementing national contact tracing programs, enabling research into vaccines and treatments, as well as providing financial assistance to citizens. Securing the systems that facilitate these services is of vital importance. Additionally, like many organizations over the past year, government offices have had to transition to remote working. The usual cyber risks associated with working from home environments – such as rapid shifts in digital infrastructure and workforce behavior, as well as cyber espionage over video conference and hacked smart home devices – are particularly concerning in the government and defence sector due to the sensitive nature of the data and information that it controls.

How Cyber AI Safeguards Government and Defence Organizations

Proven to protect hundreds of government and defence organizations, Darktrace Cyber AI defends digital data and vital systems from threat – no matter how novel or sophisticated. As a self-learning technology, the AI is able to identify and respond to fast-moving ransomware at an early stage without relying on prior attack data, and operates across SaaS, cloud, IoT, email, endpoints, OT technology, and the traditional network. Inspired by the principles of the human immune system, Darktrace works by learning what ‘normal’ looks like for every user, device, and virtual machine in an organization’s dynamic workforce.

This understanding of ‘self’ allows the AI to spot the subtlest indicators of malicious activity as they emerge, instantly flagging them to security teams, and autonomously responding to neutralize the threat at machine speed. Darktrace Cyber AI Analyst augments teams during fast-moving attacks by autonomously investigating, triaging, and reporting on each security incident. This technology provides actionable intelligence via natural language reports that can be translated to various levels of technical detail – ultimately reducing time to meaning by up to 92%.

Autonomously Defending Against Eking Ransomware At a governmental organization in APAC, Darktrace detected an example of Ransomware-as-a-Service (RaaS). With Darktrace, the defenders were able to recognize the anomalous behavior as soon as it occurred and stop the threat from advancing, while Cyber AI Analyst autonomously investigated and reported on every stage of the incident.

The attack started when a corporate device was infected with Eking. Darktrace’s self-learning AI detected and alerted on this threat immediately, picking up on internal reconnaissance activity, SMB enumeration, and extensive scanning. Once the scanning was complete, files were encrypted on a second server, with the infected device transitioning from making just a few internal connections per day to making thousands in less than an hour.

While Darktrace’s alerts and investigations empowered the team to take action straight away, this all this occurred late at night local time – when the security team were out of office. As it was, they were still able to act faster than they otherwise would have and limit the damage when they arrived in the morning. Had Darktrace Antigena been deployed, the AI would have autonomously taken action at the first stage of the attack and prevented encryption occurring.

To discover Darktrace and for a free consultation, contact us on solutions@newtech.mt

Learn more about Darktrace here – https://newtech.mt/darktrace/