cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Darktrace extends coverage to zero trust architectures Zscaler, Okta and Duo

Darktrace has announced its ability to extend its detection and autonomous response capabilities to zero trust technologies, including Zscaler, Okta and Duo Security.

user iconReporter
Fri, 01 Apr 2022
Darktrace extends coverage to zero trust architectures Zscaler, Okta and Duo
expand image

The API integrations allow organisations to accelerate their adoption of zero trust architecture by feeding data into Darktrace’s Self-Learning AI engine to identify and neutralise anomalous behaviours.

Zero trust technologies enforce guardrails for organisations with rules and policies designed to reduce risk exposure by eliminating unnecessary access and privileges across critical IT systems, thus creating a more secure infrastructure. Yet there is still a risk of malicious activity even with proper architecture and policy enforcement – advanced monitoring and threat detection are critical elements of a zero-trust strategy, which assumes that a breach is underway at any given moment.

Against the growing threat of advanced cyber attacks, zero trust architecture has emerged as one way of supporting the shift to new ways of working, according to Max Heinemeyer, vice-president of cyber innovation at Darktrace.


“The shift to remote and hybrid work has increased the attack surface for organisations and underscores the importance of securing the identity of each user.

“Although traditional zero trust policies minimise risk, and zero trust architectures reduce the overall attack surface, organisations need to assume attackers will still inevitably breach their perimeter defences, including identity controls,” Heinemeyer said.

When malicious activity occurs despite the enforcement of zero trust rules and policies, Darktrace is designed to immediately identify and trigger a proportionate response to contain the attack.

When deployed with Zscaler, the scope of activity visible to Darktrace widens and its AI technologies can analyse, contextualise, and ultimately act when necessary. Upon detecting unusual behaviour, Darktraces autonomous response can then directly take appropriate action via the Zscaler API, ranging from actions as granular and surgical as blocking connections between two endpoints to a complete termination of all device-specific activity.

According to Amit Raikar, vice-president, business development and technology alliances at Zscaler, the company's Zero Trust Exchange reduces the attack surface and enforces cyber security policies.

“The integration with Darktrace AI behavioural detection and response allows customers to correlate Zscaler telemetry with data from across the enterprise to improve threat response further,” Raikar added.

Darktraces integrations with Okta and Duo Security are similar, where within zero trust architectures, the administrative users become the top targets because they can affect the accessibility and vulnerability of the entire digital environment. Darktrace is designed to alert and act on the anomalous behaviours of these accounts, including unusual and potentially unsanctioned activity.

Unique to Darktrace, it is also able to detect unusual administrator activity around newly added user permissions and third-party software to allow-lists or anything that might widen the range of risk exposure.

[Related: Sophos research reveals cyber attackers using Log4Shell vulnerability to deliver ‘backdoors’ to virtual servers]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.