AI-focused cybersecurity vendor Darktrace has released Newsroom, a new detection and warning system for critical vulnerabilities that uses open-source intelligence (OSINT) sources to identify threats posed to businesses.
Newsroom leverages deep and AI-assisted knowledge of a customer’s external attack surface to gauge its exposure to detected vulnerabilities and provides a summary of exploits, affected software and assets within the organisation, Darktrace stated.
It also provides vulnerability mitigation guidance specific to businesses, while early adoption has revealed insight into remote code injection flaws in Citrix Gateway/Citrix ADC, CentOS Web Panel 7 Servers, and Zoho ManageEngine products, according to the vendor.
Darktrace Newsroom is now available as part of the Darktrace PREVENT product range.
Darktrace Newsroom alleviates slow, manual vulnerability detection
Darktrace Newsroom autonomously monitors threat feeds and OSINT sources for new critical vulnerabilities and publishes them on the Darktrace PREVENT dashboard, Darktrace said.
This detection and summarisation of flaws augments human security teams by alleviating lengthy, labor-intensive manual processes, the firm added.
Traditional vulnerability management methods are typically resource intensive, involving regular monitoring of security news feeds and intelligence sources.
It can take security teams significant periods of time to test and ascertain whether they are affected when a vulnerability emerges, allowing a window for attackers to breach organisations, Pieter Jansen, senior vice president of cyber innovation at Darktrace, tells CSO during a demo of the Newsroom service.
“Some of these things are done by some organisations already internally by enthusiastic people who like looking at news, or even whole security teams starting every morning by manually looking at Twitter and underground forums,” Jansen said.
“Newsroom augments all of that. There’s a 24/7 AI-powered team behind this monitoring new sources, public news, underground news, looking at research communities, sharing what we have selected as the super critical vulnerability news so security teams have a better start to their day.”
Deep understanding of an organisation’s external attack surface
A deep, unique understanding of and correlation with a customer’s external attack surface is key, he adds, and is what sets Newsroom apart from other vulnerability management options.
“The platform learns what an organisation is like from an outside perspective without any user input, using the brand and AI evidence to build a digital DNA of the customer,” Jansen states.
“It knows that if there’s new exposure on specific parts of the attack surface, it learns from that and identifies new or critical attack paths that could lead to compromise, telling the customer where they are exposed.”
Upon detection of a vulnerability relevant to the client, Newsroom sends an email alert with a list of affected assets and supports integration with most ticketing systems, raising tickets automatically with the appropriate teams/personnel, according to Jansen.
“There’s a lot of value in knowing if you have vulnerable assets technology and where you need to patch, so you can then increase your monitoring around those assets to make sure they don’t get breached in that timeframe.”
Newsroom also reevaluates historic vulnerabilities for new exploitation.
Mitigation guidance links to official patch sites (if available) and sources for remediation, while customers can opt in to be notified about vulnerabilities even if they don’t have any assets directly affected, something Jansen calls a “true negative.”
Newsroom “cuts through media noise” to reveal cyber risk profile
Darktrace Newsroom addresses a fundamental challenge that security leaders face today: cutting through media noise and getting to grips with the realities of their risk profile, Jim Webber, VP enterprise security and fraud management at Direct Federal Credit Union, and Newsroom early adopter, tells CSO.
“If we consider that an average of four new critical vulnerabilities are released every day, and the time it takes for attackers to exploit these has shrunk to an average of 12 days, you can imagine that the race against time to understand and mitigate these threats in line with your risk profile is not something that even an army of analysts, if that luxury was afforded, can carry out alone,” he says.
Newsroom provides clear-cut insights about the impact of new vulnerabilities in a way that is timely and bespoke to his organisation, Webber adds.
“Instead of trawling through data logs when the next vulnerability emerges, my team can act on the insights provided. Not only that, it’s also showing us the crown jewels that the AI is actively defending on our behalf in order to build trust in those decisions.”
On September 29, 2022, Newsroom alerted Webber’s team to the potential risk of a well-known vulnerability, he states.
“After the initial identification, it then carried out the crucial phases of vulnerability response at speed. We saw that the severity of this was high and the potential impact was high. It showed us that this was visible in our external attack surface and provided us with a list of potentially affected assets.”
Newsroom then emailed Webber’s team an overview of all this, including a list of potentially affected assets and a link to external resources about the threat.