CASE STUDIES

Find out about how Darktrace's unique approach delivers next-generation cyber defense to leading world organizations.

DARKTRACE VERSION 2 LAUNCHES

New release of Darktrace's flagship, self-learning cyber intelligence platform is announced today.

NEWS

"[Darktrace] technology can help spot hackers at work inside a system."

Darktrace is a world leader in Enterprise Immune System technology, a new category of cyber defense solutions based on pioneering Bayesian mathematics developed at the University of Cambridge.

Darktrace addresses the challenge of insider threat and advanced cyber-attacks through its unique ability to detect previously unidentified threats in real-time, as manifested in the emerging behaviors of the network, devices and individuals. Some of the world's largest organizations rely on Darktrace's probabilistic, self-learning platform to spot anomalous activity within the enterprise, in sectors including energy and utilities, financial services, telecommunications, retail and transportation. Darktrace was founded by world-class machine learning specialists and operational government intelligence experts.

The company is headquartered in Cambridge, UK, with offices in London, Milan, New York, Paris, San Francisco and Washington D.C.

Overview

Closing the Gap Between Attack and Defense

Darktrace was founded by senior members of the UK government's cyber community, from GCHQ and other intelligence agencies. With a combined seventy years' experience in cyber operations, our senior management team has unique insights into the defense of critical national infrastructure, both digital and physical, and has been foremost in proactively countering the cyber-attacks against the nation's most valuable information assets.

Darktrace is committed to closing the gap between sophisticated attack methodologies and defense technology. It is revolutionizing the cyber security sector with its new and unique approach of Enterprise Immune Systems, based on ground-breaking technology developed at the University of Cambridge, which represents a new approach to protecting against serious cyber threats.

Our technologists are world experts in signal processing and machine learning, and have experience deploying some of the world's largest software systems, dealing with highly sensitive data while complying with changing standards.

Over the past decade, our team has worked to protect critical information assets and intellectual property in an increasingly hostile global environment. Working at the forefront of national security, we learned how to observe and monitor behaviors to determine what is normal and abnormal. By analyzing subtle information, we were able to make decisions about when to act on relevant threats.

Our technology takes the same intelligence-led approach. Enterprise Immune Systems are uniquely capable of learning 'self' automatically, and adaptively understanding what represents real threat within complex, changing environments.

Darktrace's unique technology provides global corporations with true cyber intelligence, leveraging the most advanced technology and expertise in the world today to stop damaging cyber-attacks.

"We need an intelligence-based approach to spot threats in busy environments, allowing us to protect our most important data"

Sir Jonathan Evans, former Director General, MI5

Executive Team

Andrew France OBE, Chief Executive Officer

Andrew France joined Darktrace as CEO in January 2014 following a distinguished, 30-year career at the UK Government's signals intelligence agency, GCHQ. As GCHQ's Deputy Director for Cyber Defence Operations, Andrew has been at the forefront of the national cyber defense strategy, responsible for both policy and operational delivery. He is a recognised global leader in his field, with extensive experience in delivering technical innovation in high-pressure and secure environments. Andrew is a registered Incorporated Engineer, an elected member of the Engineering Institution of Great Britain, and a member of the Institute of Engineering and Technology. He was awarded an OBE for Services to the Ministry of Defence in 2005.

Steve Huxter, Chief Operating Officer

Steve Huxter has a breadth of experience in cyber operations, having held a number of senior positions within the UK government's cyber defense team, where he was instrumental in developing governmental cyber policy. Over a number of years, he was responsible for the development of a wide range of cyber defense strategies and their operational deployment. Prior to his government roles, Steve held consultancy roles at Accenture and co-founded ByBox, an award-winning international logistics company. Steve holds an MA in Mathematics from the University of Oxford, and an MSc in Information Security from Royal Holloway, University of London.

Jack Stockdale, Chief Technology Officer

Jack Stockdale started his career at enterprise software company Autonomy, where he worked on the core software platform IDOL as Technical Director and later Chief Architect. He moved to Blinkx in 2006, where he spent 5 years as Director of Research and Development, with responsibility for the technical development of Blinkx's award-winning online video search engine. Jack is CTO at Darktrace, overseeing the application of Bayesian mathematical models onto the Darktrace Cyber Intelligence Platform. He has a degree in Computer Science from Lancaster University.

Poppy Gustafsson, Chief Financial Officer

Poppy Gustafsson is a qualified chartered accountant, and began her career with Deloitte, in the company's audit division. She has extensive industry experience across several sectors, specializing in venture capital and technology companies. Prior to joining Darktrace, Poppy served as Corporate Controller at enterprise software company Autonomy. Poppy holds a degree in Mathematics from the University of Sheffield.

Rob Sass, Managing Director, North America

Rob Sass has over 30 years' experience in the enterprise software industry, during which time he has become an expert in business growth and market development. Having joined Verity in 2000, acquired by software leader Autonomy in 2005, Rob served as Senior Vice President of Sales for 13 years, where he was responsible for key strategic accounts and helped deliver some of the world's largest software deployments. Rob holds a degree in Business Economics from the State University of New York.

Nick Trim, Commercial Director

Nick Trim has fifteen years' experience working in operational environments in the UK cyber defense effort. In collaboration with various government departments, he played a critical role in creating cutting-edge operational capabilities to defend against a range of threats to national security, for the protection of critical infrastructure. Nick has worked extensively with partners around the world, and is an expert in human intelligence and social engineering. He has also worked as a cyber consultant, advising large companies on their areas of vulnerability and helping devise their cyber strategy. Nick is the head of Darktrace's commercial division. He has a Master's degree in History from Durham University.

Emmanuel Meriot, Country Manager, France and Spain

Emmanuel Meriot joined Darktrace in 2014 as Country Manager for France and Spain. He has over 20 years' experience in the enterprise software industry, specializing in the delivery of innovative technology projects for global corporations. Emmanuel was previously Managing Director for Southern Europe at HP's Information Management division, for 2 years, and at Autonomy for 11 years, with responsibility for key strategic accounts. Emmanuel began his career at Xerox and subsequently helped to create the U.S. software company Vantive. He has a Master's degree in business management.

Corrado Broli, Country Manager, Italy

Corrado Broli has over 25 years' experience in the enterprise software industry, focusing on strategic sales and business development. He has served as Country Manager for Italy at several global IT companies, managing major accounts across Italy and Europe and contributing to some of the largest software implementations in the region. Prior to Darktrace, Corrado spent 14 years at enterprise software company Autonomy, where he was Country Manager for Italy and later European Major Accounts Director. He holds a degree in Electronic Engineering, with a major in Business Management, from the Politecnico di Milano.

John Richardson OBE, Director of Operations & Security

John Richardson has twenty years' experience in the security and defense sector. He has worked across several UK government departments, concentrating on the development and exploitation of internet technologies and cyber security measures, for national security and the protection of critical national infrastructures. John specializes in the application of technical intelligence to dynamic threat environments and operational risk mitigation strategies. He holds a degree in Electrical and Electronic Engineering, an MBA, and is a Member of the Institution of Engineering and Technology, and the Chartered Institute for IT.

Dave Palmer, Director of Technology

Dave Palmer worked as a technical specialist for the UK government's highest security team for over thirteen years. He oversaw the deployment and operation of large-scale enterprise IT projects, focusing on the areas of big data, infrastructure and communications. Dave is an expert in delivering technology solutions at scale and at speed, in the highest security environments. In his role at Darktrace, he manages the delivery of the Darktrace platform. He has a first-class degree in Computer Science and Software Engineering from the University of Birmingham.

Julie Hartigan, Technical Director

Julie has over 20 years' experience in technical and management roles in the enterprise software industry. She has served in senior technical roles at several large corporations, including 6 years as VP of Technology, North America, at leading software company Autonomy. She has also served as CTO of a number of companies including Teradata and Expert System. Julie has a breadth of expertise in system infrastructure and software configuration, and in her role at Darktrace focuses on delivering cutting-edge technical solutions to key customers. Julie holds a PhD in Computer and Information Science and Artificial Intelligence from Ohio State University.

Michael Beck, Cyber Security Specialist

Michael Beck has 10 years' experience as operational advisor and delivery lead for a range of national security programmes in the UK government. Prior to joining Darktrace in 2014, Michael also served as a GovCERT UK practitioner, defending against a wide range of cyber threats, and was deployed as a civilian advisor to a number of active operational commands within the UK military. With vast experience of consulting on tactical cyber defense, he oversees the support and training of Darktrace clients post-implementation. Michael has a first-class degree in Computer Science from the University of Plymouth, and is a Certified Information Systems Security Professional (CISSP) and a GIAC Incident Handler.

Chris Heald, Cyber Security Specialist

Chris joined Darktrace as Cyber Security Specialist in 2014, following nine years at the Foreign and Commonwealth Office, where he defended some of the government's most sensitive networks from advanced threats, and developed a wide experience in bespoke firewall development, forensics training and advanced penetration testing. In his role at Darktrace, he specializes in network, malware and anomaly analysis. Chris is a Certified Ethical Hacker (CEH) and Certified Security Testing Professional (CSTP), and holds a degree in Computer Science from the University of York.

Alex Markham, Technical Specialist

Alex Markham is an expert in server operations and network analysis, and oversees the building and configuration of the Darktrace platform, co-ordinating its ongoing development. He has a wide experience in software development and distributed server architecture, having spent several years at enterprise software leader Autonomy. Alex holds an MA in Natural Sciences from the University of Cambridge.

Emily Orton, Head of Marketing

Emily Orton is a technology marketing specialist, overseeing Darktrace's marketing and communications. Prior to Darktrace, Emily was Head of Marketing, EMEA at enterprise software company Autonomy for a number of years. Emily started her career with media company Emap where she held editorial and business development roles for technical trade magazines. She has an MA in Modern Languages from the University of Cambridge.

Founding Advisor

Professor Bill Fitzgerald (born 1st August 1948, died 2nd April 2014)

Bill Fitzgerald was Professor of Applied Statistics and Signal Processing and Head of Research in the Signal Processing Laboratory, in the Department of Engineering at the University of Cambridge. He became a recognized world leader in Bayesian inference applied to signal and data modelling, pioneering its adoption and helping establish it as a principal fixture in the canon of modern science. Bill was a physicist by training and before coming to Cambridge worked in Neutron Scattering at the Institut Laue-Langevin in Grenoble and as a Professor of Physics at the ETH in Zurich.

Although an exceptional academic, Bill's passion was always the translation of the theoretical into the physical, and his extensive experience was not confined to academia. Indeed, he held a number of distinguished yet applied scientific posts in major industrial firms such as Marconi and Schlumberger. Even after embarking on full-time research and teaching as a Fellow at Christ's College, Cambridge, he saw it as fundamental to his position that industry both benefited and was spawned from his ideas. The later years of his career saw a focus on the applications of Sequential Monte Carlo particle filtering methods to signal processing and real-world problems, ranging from financial fraud to threat vector detection in complex electronic data streams.

In the last year of his life, the international academic community recognized his achievements by awarding him the European Association for Signal Processing Technical Achievement Award for contributions in the application of Bayesian theory. Such pioneering applications have radically changed the field of cyber security and profoundly influence Darktrace. As a colleague, mentor and friend, we miss him greatly.

Advisory Board

Sir Jonathan Evans KCB

Sir Jonathan Evans was Director General of MI5 from 2007 to 2013. He spent 33 years with MI5, defending the UK against internal and domestic terrorism and cyber-threats. He was appointed to the Security Service's Management Board as Director of international counter terrorism in 2001, ten days before the 9/11 attacks on the World Trade Center. He became Deputy Director General to Dame Eliza Manningham-Buller in 2005. Sir Jonathan was appointed Knight Commander of the Order of the Bath (KCB) in the 2013 New Year's Honours List.

Dr Mike Lynch OBE

Celebrated as 'Britain's Bill Gates', Mike Lynch is a renowned technologist at the cutting-edge of fundamental new technologies. He founded Autonomy in 1996, based on technology invented at Cambridge; it quickly became one of the most successful companies on the FTSE 100 and was acquired in 2011 for $11 billion. He went on to found investment firm Invoke Capital in 2012, which focuses on developing new fundamental technologies in Europe. Mike was named Computer Weekly's 'Most Influential Person of the Year' and won the Chartered Institute for IT's award for Outstanding Contribution to IT in 2011. He is a fellow of the Royal Academy of Engineering, an honorary fellow of Christ's College, Cambridge, and a scientific advisor to the British Prime Minister.

Technical Excellence

Darktrace's technical teams are made up of world-class mathematicians and technical experts, with core specialisms in applied statistics, statistical signals processing and probabilistic mathematics. Our experts have carried out cutting-edge mathematical research at the Universities of Cambridge and Oxford, forming the basis of a breakthrough in Bayesian mathematics named Bayesian Estimation Theory, which lies at the heart of Darktrace's unique Enterprise Immune Systems technology.

"The core of Darktrace's mathematical processing is the determination of normative behavior. Using advanced statistical methods, we can observe very subtle variations in machine events to pinpoint pivotal features within a specific type of behavior that may determine compromise."

Dr Thomas Dean holds a PhD in Applied Mathematics from Brown University and has conducted extensive research at the University of Oxford and the University of Cambridge into Monte Carlo techniques and computational statistics. Thomas is an expert in Monte Carlo simulation, filtering and likelihood-free inference.

The team also includes expert software engineers who developed novel techniques to visualize real-time threat within an enterprise, leading to the creation of the Darktrace Threat Visualizer. Darktrace also benefits from the combined seventy years' experience of several human intelligence experts who worked in the UK government's cyber unit to combat cyber threat.

"Darktrace's unsupervised learning approach is very important, because it allows the machine to automatically sort all types of data, without knowing in advance what it is looking for. We can spot the 'unknown unknown' threats this way."

Dr Stephen Casey holds a PhD in Applied Mathematics and Theoretical Physics from the University of Cambridge, where he worked on General Relativity, the theory of path geometries and partial differential equations. He currently specializes in Markov models, particle swarm theory, clustering methods and large-scale data mining.

Darktrace's long-standing links with the University of Cambridge give it access to unrivaled mathematics and engineering talent, and the company continues to enjoy strong ties to Cambridge's technical academic community, helping it remain at the cutting edge of technological innovation.

Thomas Bayes

Thomas Bayes was a British statistician of the eighteenth century who formulated Bayes' theorem.

More recent developments in Bayesian probability theory focus on identifying meaningful relationships within data and quantifying the uncertainty associated with these inferences. Understanding this uncertainty makes it possible to bring together many results within a consistent framework, which is the basis of Bayesian probabilistic analysis. Darktrace's technical experts were instrumental in the development of a new branch of Bayesian mathematics named Recursive Bayesian Estimation.

Careers

Darktrace is a leader in cyber defense, working with corporations and governments to address the challenges of protecting valuable information and assets. Darktrace's innovative intelligence-led technology and new mathematics understand subtle day-to-day interactions and establish a picture of 'normal' behavior for every individual and machine in an organization.

The Darktrace team will be shaping the critical cyber defense of major international FTSE 100 and Fortune 1000 companies, and influencing the evolution of a truly revolutionary technology. We are looking for people with a passion for technology and an interest in solving complex challenges: individuals with integrity who can build trust with customers at a fast pace, and self-starters who instinctively push themselves to new levels of performance. We value intellectual ability and fast learning over experience.

To apply for a position at Darktrace, please send your CV and cover letter, indicating the position you are interested in to [email protected].

Open Positions in the U.S.

Cyber Defense Technology Specialists

Locations: San Francisco, New York, Washington

Travel required

You will control the deployment of active defense and attack investigations, interacting directly with both the customer and the software development team. Your role will be to drive the pre- and post-sales technological activity in the field.

Qualifications and Experience:

  • A good university degree in a technical subject, such as engineering, computer science, physics, mathematics, or CIS/IT, with a minimum GPA of 3.0, is required. Experience with customer-facing activities (pre-/post-sales), as well as security and network consulting, is desirable but not essential.
  • Practical experience with network and security devices/systems, e.g. Cisco, Juniper, Firewalls, IDS, IPS, SIEM is desirable but not essential.
  • Experience of web technologies and programming/scripting languages (e.g. C, Python, Perl, Ruby etc.) is also desirable.

Cyber Defense Operations Analysts

Locations: San Francisco, New York, Washington

Travel required

You will interact directly with both the customer and the software development team. Your role will be to forensically investigate and explore new forms of cyber-attack through hands-on control of the Darktrace Cyber Intelligence Platform in real time.

Qualifications and Experience:

  • A good university degree in a technical subject, such as engineering, computer science, physics, mathematics, or CIS/IT, with a minimum GPA of 3.0, is required. Experience with customer-facing activities (pre-/post-sales), as well as security and network consulting, is desirable but not essential.
  • Practical experience of protocol/packet analysis, penetration testing and malware discovery/analysis will be an advantage.
  • Experience of web technologies and programming/scripting languages (e.g. C, Python, Perl, Ruby etc.) is also desirable.

Open Positions in Europe

Trainee Graduate Cyber Security Analysts

A background or experience in cyber intelligence is not required — simply the desire and capacity to learn

Location: London or Cambridge

This is an opportunity to gain valuable experience in the rapidly-evolving cyber security industry. You do not need any prior knowledge, just a notable enthusiasm and willingness to learn. We will provide training, after which your responsibilities include:

Qualifications and Skills:

  • Bachelors or Masters Degree in a scientific or engineering discipline (2:1 or above).
  • Excellent interpersonal/communication skills, both verbal and written.
  • Experience and proven ability to work autonomously and in a team in an innovative and fast-paced environment whilst delivering to deadlines.
  • Enthusiasm for innovation, experimentation and self-development in the cyber security field.

Training will be given to gain the following experience:

  • Knowledge of networking and security architecture.
  • Experience of cyber security/incident response and security architecture; working towards a security certification such as CISSP, GIAC or a vendor-specific one is desirable.
  • Practical experience with network and security devices/systems e.g. Cisco, Juniper, Firewalls, IDS, IPS, SIEM.
  • Experience of programming/scripting languages (e.g. Python, Perl, Ruby).
  • Hands-on sysadmin skills (Linux and Windows) and experience with network and packet analysis using open source technologies.

Junior and Senior Network & Systems Administrators

Location: Cambridge

You will be supporting the secure operations of a small, fast-moving and dynamic engineering team dedicated to the creation of the industry's first Bayesian Enterprise Immune Systems platform. Typical infrastructure technologies used include the TCP/IP networking stack with industry standard network/security appliances, Windows domain administration, distributed Linux environments with commonly used open source server services, and other technologies closely tied to corporate IT infrastructure, such as SMTP mail gateways or proxies, mixed manufacture firewall and other border devices.

Qualifications and Experience:

  • A good university degree in a technical or scientific subject, such as engineering, computer science, physics or mathematics, with a 1st or 2:1, is required.
  • The ideal candidate must be able to demonstrate experience in the secure operations of protected mail, coms and source code development infrastructure.
  • Experience of a wide range of infrastructure elements over a networked Linux or Windows environment would be an advantage but is not essential.

C++ Software Engineer

Location: Cambridge

Candidates with strong interest and experience in server side C/C++ software development are required to join a small and dynamic team responsible for the design and creation of high performance multithreaded server-level technology designed to detect and defeat advanced cyber threat vectors. Further technologies of interest can include Cyber Security, Research and Development of Mathematical Algorithms, Networking, TCP/IP, Testing Frameworks and Windows Development.

Qualifications and Experience:

  • A good university degree in a technical or scientific subject, such as engineering, computer science, physics or mathematics, with a 1st or 2:1, is required.
  • Experience in C/C++ software development.
  • Experience of Python, Linux, SQL and NoSQL store technologies would be an advantage but is not essential.

Web Software Engineer

Location: Cambridge

Software engineers with a strong interest in web technologies and development are required to join a small, fast-moving and dynamic team dedicated to the creation of the industry's most advanced cyber security forensic visualization and analysis layer. Typical technologies used include HTML5, CSS, WebGL, JavaScript, Node.js, and JavaScript-based libraries such as jQuery, Backbone and Kotlin.

Qualifications and Experience:

  • A good university degree in a technical or scientific subject, such as engineering, computer science, physics or mathematics, with a 1st or 2:1, is required.
  • The ideal candidate must be able to demonstrate extensive experience designing and writing web-based applications and a flair for HCI/UX innovation.
  • Experience with scripting languages (PHP, Python, Perl etc.) and knowledge of visualization technologies such as d3 and three.js would be an advantage but is not essential.

Cyber Defense Technology Specialists

Location: United Kingdom

International travel may be required

You will control the deployment of active defense and attack investigations, interacting directly with both the customer and the software development team. Your role will be to drive the pre- and post-sales technological activity in the field.

Qualifications and Experience:

  • A university degree in a technical subject, such as engineering, computer science, physics or mathematics, with a 1st or 2:1, is required. Experience with customer-facing activities (pre-/post-sales), as well as security and network consulting, is desirable but not essential.
  • Practical experience with network and security devices/systems, e.g. Cisco, Juniper, Firewalls, IDS, IPS, SIEM is desirable but not essential.
  • Experience of web technologies and programming/scripting languages (e.g. C, Python, Perl, Ruby etc.) is also desirable.

Cyber Defense Operations Analysts

Location: Cambridge

Based in our Critical Control Operations Centre, you will interact directly with both the customer and the software development team. Your role will be office-based: you will forensically investigate and explore new forms of cyber-attack through hands-on control of the Darktrace Platform in real time.

Qualifications and Experience:

  • A university degree in a technical subject, such as engineering, computer science, physics or mathematics, with a 1st or 2:1, is required. Experience with customer-facing activities (pre-/post-sales), as well as security and network consulting, is desirable but not essential.
  • Practical experience of protocol/packet analysis, penetration testing and malware discovery/analysis will be an advantage.
  • Experience of web technologies and programming/scripting languages (e.g. C, Python, Perl, Ruby etc.) is also desirable.

Cyber Defense Operations Support

Location: Cambridge

This role may require on-call, out of hours and shift working

This role requires patience and discipline with the ability to react quickly and calmly. Based in our Critical Control Operations Centre, you will be in the front-line of cyber defense, responding to and reporting on critical customer events through the Darktrace platform. You will interact directly with both the customer and the software development team.

Qualifications and Experience:

  • A good scientific, computer science or engineering degree with grade 2:1 and above is desirable, but advanced technical vocational qualifications will also be considered.
  • Proven ability to work with data and analytical tools.
  • Thorough understanding of general networking and cyber security technologies is desirable but not essential.
  • Experience of support and incident response procedures and practices is an advantage.

To apply:

Please send your CV and cover letter, indicating the position you are interested in, to [email protected].

Darktrace Vision

Self-Learning Human Behaviors at the Speed of Threat

Darktrace's vision is to apply human intelligence to cyber defense through revolutionary technology.

Our unique expertise in cyber defense operations and ground-breaking, self-learning technology allows organizations to keep up with the speed and sophistication of today's attackers.

Whether defending against an APT or an insider attack, Darktrace understands the human traces behind every attack. Our solutions are anchored in Enterprise Immune Systems technology, which detects subtle indicators of compromise and threatening behaviors, even when those behaviors are brand new, complex and constantly changing.

The age of surrounding your information with higher and higher walls is over. Legacy approaches permanently leave you a step behind. Darktrace moves at the same speed as the threat, automatically learning from an organization's ongoing activity in real time to detect threat behaviors as they emerge.

"At Darktrace we're not concerned about how intruders break in - we detect threat that is inside, live and dangerous."

Andrew France OBE, CEO, Darktrace

Enterprise Immune Systems

Learns what 'self' is — and detects new emerging threats

Darktrace is the leader in a fundamentally new category of technology, Enterprise Immune Systems, which is revolutionizing the cyber defense capability of global corporations, as they strive to protect their most valuable information assets and intellectual property.

Enterprise Immune Systems technology is powered by a new branch of Bayesian probability theory, developed at Cambridge University, which allows computers to learn what 'self' is with regard to individual users, devices, and entire computer networks. The technology forms an understanding of the normal pattern of life of these entities, and is thereby capable of detecting deviations from these moving patterns, however subtle.

This ground-breaking technology is unique in its ability to adapt to changing environments and dynamically refine its understanding of the network environment, based on the activity and information that it sees. This means that it can spot fresh threats that have not yet been seen, including sophisticated APTs or insider attacks.

The ability to understand and detect subtle human traces of compromise within an organization allows Enterprise Immune Systems to spot even the stealthiest of attackers, who would have otherwise evaded legacy security tools, which have a defined idea of what they are looking for.

Enterprise Immune Systems are utilized by global corporations to defend against insider threats and external threats that are driven by intelligent and well-resourced human beings. The technology provides them with the most effective tools to glean real intelligence about these threats as they traverse the insides of their networks and systems, and to curb and prevent damaging cyber-attacks from occurring.

Only Enterprise Immune Systems can detect the 'unknown unknown' threats that are in your organization today and will emerge on your systems tomorrow, and keep pace with them in real time.

Recursive Bayesian Estimation

The last decade has seen dramatic advances in mathematical research in the areas of statistics and statistical signal processing. Such advances have allowed mathematicians to extract ever-smaller and subtler signals from large, high-dimensional data sets, often in real time. Using Bayesian inference theory, it has become possible to identify meaningful relationships within data and quantify the uncertainty associated with such inference.

Recursive Bayesian Estimation (RBE) is a new branch of Bayesian mathematics that has a unique impact on the cyber security challenge, given the complexity and variability of both the defended environment (typically multi-faceted global networks) and the threat vectors, which are sophisticated and intelligent.

The breakthrough in RBE mathematics happened at the University of Cambridge, where world-class mathematicians under the direction of Professor Bill Fitzgerald have pioneered advanced probabilistic modelling that detects genuine anomalies to the highest degree of accuracy yet.

"It's a very exciting time for digital signal processing. Recent breakthroughs will fundamentally change the way we approach information processing in the future."

Professor Bill Fitzgerald, University of Cambridge Engineering Department and Darktrace advisor

Darktrace Cyber Intelligence Platform

Darktrace Cyber Intelligence Platform (DCIP) is Darktrace's leading Enterprise Immune Systems solution, representing a new class of enterprise-wide cyber defense software that helps large enterprises and government bodies protect themselves against advanced attacks and data compromises from within the network. It is principally designed to counter the most serious and sophisticated forms of attack, including Advanced Persistent Threats and insider threats.

DCIP is a linearly-scalable software platform which is capable of monitoring network, host and mobile device activity across the enterprise, providing a range of cyber capabilities that deliver robust and resilient defense against large-scale cyber compromise and attacks.

DCIP is uniquely capable of identifying human and machine behaviors that represent threat with a high degree of accuracy — and without a deluge of false positives. Powered by revolutionary Bayesian mathematics, it has a unique inside view of an organization's entire network activity at the deepest level and is able to automatically learn from all information that flows through the network.

Modelling patterns of life for each user and machine, it is the only software platform able to detect normal and abnormal behaviors as they emerge, without already knowing what it is looking for, and calculate the probability of threat based on the detection of behavioral anomalies.

The essential and unique function performed by DCIP is to apply an intelligence-led filter to the noise of an organization's internal networks and systems, amplifying the sounds that need to be heard. Its ability to spot and correlate small indicators of change and compromise allows it to detect even extremely subtle and persistent threat actors, wherever they come from and whatever their intent.

DCIP is the only next-generation platform that gives the defender the power to observe and interrupt the cyber kill chain in real time.

The Darktrace Difference

  • No rules, no signatures
  • No 'a priori' knowledge
  • Real time
  • Self-learning

Darktrace Threat Visualizer

Darktrace Threat Visualizer is a unique interface that provides a real-time, operational overview of an organization's entire network and the threat level it faces at any given time.

Leveraging Enterprise Immune Systems technology and cutting-edge visualization techniques, the Threat Visualizer lets you see what is happening in your enterprise globally, visually representing all network activity and connections, both external and internal, between all machines and users. This works at a high level, flagging diverse threats and anomalies for the analyst's attention, and at a more granular level, allowing you to drill down and view specific clusters of activity, subnets and host events.

The Threat Visualizer is the only real-time threat visualization tool designed for both C-level executives and threat analysts. Using revolutionary Bayesian algorithms, it dynamically identifies top threats that are genuinely anomalous, allowing organizations to focus their attention and expertise proportionately, on areas of greatest risk.

Darktrace Threat Visualizer also allows you to enforce corporate policy and monitor users according to defined criteria. Powered by Darktrace Cyber Intelligence Platform, it helps organizations to identify key assets and intellectual property, monitor threat levels as they evolve and take pre-emptive actions to protect your business — and interrupt the cyber kill chain.

White Papers

Enterprise Immune System White Paper

This white paper discusses the challenges of the threat landscape, the limitations of legacy security approaches, and Darktrace's new approach to cyber defense.

Retail White Paper

This paper explores recent cyber-attacks on the retail industry, examining how an intelligence-led approach to cyber defence can help retailers avoid damaging cyber incidents and protect their data and reputation.

Insider Threat White Paper

This white paper addresses the growing challenge of insider threat. Learn why good practice is not always good enough in an age of interconnected businesses, global supply chains and porous boundaries, and how a new perspective is required to tackle the problem in a practical and meaningful way.

Press Releases

Top U.S. Cyber Experts Join Darktrace to Protect Private Sector with Enterprise Immune System

Strong Adoption of Technology Proves Machine-Learning Approach Works

Cambridge, UK — July 22, 2014

Darktrace, one of the world's fastest-growing cyber security companies, today announces the appointment of two senior officials from the U.S. intelligence community, complementing the mathematicians and machine learning specialists and U.K. intelligence officials who founded Darktrace in 2013.

"The strong adoption of our unique technology in the first two quarters accelerated our U.S. market expansion and I am delighted to welcome Jim Penrose and Jasper Graham to our outstanding commercial team," commented Andrew France, CEO of Darktrace. "Jim and Jasper bring outstanding cyber security and technical experience to the Darktrace executive team, delivering real-time, self-learning threat detection capabilities to our customers."

Jim Penrose joins Darktrace as Executive Vice President of Cyber Intelligence, following a distinguished 17-year career at the National Security Agency as an expert in computer security and information assurance. He was responsible for a variety of roles at the agency encompassing threat operations, counterterrorism and, most recently, as Chief of the Operational Discovery Center, helping to develop new signal intelligence capabilities.

Penrose is joined by Jasper Graham, who spent 15 years with the NSA, formerly holding the position of Technical Director, and will serve as Darktrace's Senior Vice President of Cyber Technologies and Analytics. Graham worked directly with United States Cyber Command (USCC) and the U.S. Intelligence Community to develop strategic planning for understanding and responding to cyber-attacks. He is a Certified Information System Security Professional (CISSP) and has received over 15 awards from the NSA for his critical work in national security.

"Having spent 20 years in defense and intelligence, I have experienced threats of all forms and factors. The rate at which these threats mutate and the sophistication with which they traverse networks is frequently astounding and has transformed the way we need to think about our defensive strategies," said Jim Penrose, EVP of Cyber Intelligence at Darktrace. "Darktrace offers the only approach that accepts this reality and employs best-in-class mathematics and machine learning to probabilistically detect when abnormal events occur — even without knowing about the existence of a threat or what form it might take."

Darktrace's U.S. customer base spans a range of industries including energy and utilities, financial services, technology and healthcare. Its Washington D.C. office is supported by teams in New York and San Francisco, as well as the rest of Darktrace's global network.

About Darktrace

Darktrace is one of the world's fastest-growing cyber defense companies and the leader in Enterprise Immune System technology, a new category of cyber solutions based on pioneering Bayesian mathematics developed at the University of Cambridge. Darktrace addresses the challenge of insider threat and advanced cyber-attacks through its unique ability to detect previously unidentified threats in real time, as manifested in the emerging behaviors of the network, devices and individuals. Some of the world's largest organizations rely on Darktrace's adaptive, self-learning platform to spot anomalous activity within the enterprise, in sectors including energy and utilities, financial services, telecommunications, retail and transportation. Darktrace was founded by world-class machine learning specialists and operational government intelligence experts. The company is headquartered in Cambridge, UK, with offices in London, Milan, New York, Paris, San Francisco and Washington D.C.

Darktrace at Oil & Gas Cyber Security Conference, Houston

Wednesday July 16, 2014

Darktrace today exhibits at the Oil & Gas Cyber Security Conference in Houston, Texas. Now in its second year, this event tackles key cyber security issues for the oil and gas industries, including managing communication between OT and IT networks and building response plans to enhance security around SCADA systems.

Taking place over two days, Oil & Gas Cyber Security allows senior security professionals in the energy sector to share their knowledge and insights through case study presentations and networking.

The event takes place at the DoubleTree by Hilton Hotel in Houston.

Darktrace Announces New, Self-Learning Cyber Intelligence Platform

Cambridge, UK — Tuesday June 24, 2014

Darktrace, founded by world-class machine learning specialists and operational government intelligence experts, today announced the launch of its self-learning Darktrace Cyber Intelligence Platform version 2. Darktrace gives customers the ability to detect anomalies in real time that go undetected by existing security tools, thanks to its ground-breaking Enterprise Immune System technology that learns 'self' and what is normal and abnormal activity within an organization.

Fifty of the world's largest companies use Darktrace's cutting-edge technology to protect against advanced external and insider cyber threats by detecting emerging anomalies in real time. This allows cyber analysts to investigate and mitigate in-progress incidents.

Powered by advanced Bayesian mathematics and machine learning developed at the University of Cambridge, Darktrace is at the forefront of a step-change in the way organizations approach this new era of cyber-attacks. Its adaptive cyber intelligence platform is used to protect major critical national infrastructure providers from constantly-evolving attack methods.

Rather than producing a flood of false positive alerts, Darktrace analyzes raw data over time using probabilistic math, and anomalies are clustered, prioritized and visualized. With this unique intelligence, Darktrace's world-leading cyber specialists work closely with Security Operation Centers (SOCs) and threat analysts to quickly mitigate potential threats.

The new version of Darktrace implements a number of new, unique features including:

  • Real-Time Total Network Immersion: the most complete visibility into all network interactions, including internal, device-to-device communications, border information, internet channels, log files, historical data etc., delivered by Darkflow, Darktrace's proprietary network data capture tool.
  • User, Device and Network Correlation: Darktrace creates real-time mathematical models for every device and user within the organization and for the network as a whole, and correlates the findings to work out the probability of a threat scenario.
  • 3D Threat Visualization: Darktrace's industry-leading Threat Visualizer is powered by proprietary 3D topological network projection technology (TNPT), which uniquely allows customers to analyze and traverse vast internal networks in real time.

"As we continue to move away from the old model of building walls around an organization, including tools such as intrusion prevention systems, it is clear that the next generation of cyber defense solutions must assume that infiltration may already have happened," said Andrew France, CEO of Darktrace. "Darktrace is a great example of this new generation of self-learning systems, which constantly adapt to evolving information environments.

"Darktrace's Enterprise Immune System approach delivers real-time insights into potentially interesting or worrying data events, giving our customers an advantage over the attackers in highly dynamic and fast-moving threat scenarios."

Darktrace Cyber Intelligence Platform version 2 has been made available immediately.

Andrew France at Flagship Government Cyber Event

Tuesday June 17, 2014

Darktrace today presents at CESG's IA14 conference, the government's flagship event for cyber security and information assurance decision-makers from across central government, the wider public sector, industry and academia.

Darktrace's CEO, Andrew France OBE, will present a Lightning Talk at 11:10, discussing the next generation of cyber defense solutions, founded on ground-breaking Enterprise Immune System technology. This fundamentally new approach is unique in dealing with both insider and external cyber threats, due to its ability to self-learn and adapt to constantly changing information environments and attack methodologies.

IA14 takes place at the Park Plaza Hotel, London.

Darktrace Partners with Services Provider Netswitch

Cambridge, UK and San Francisco — Tuesday June 17, 2014

Darktrace today announces that it has signed a reseller agreement with the leading technology services provider Netswitch, to deliver its ground-breaking technology for cyber defense to more organizations in the U.S. market and beyond.

Netswitch, which was founded in San Francisco in 2000, has a global customer base, specializing in information security, cloud computing and managed services. The company prides itself on delivering cutting-edge, fully integrated information systems to large blue-chip companies.

"We are delighted to be working with Darktrace to deliver the most cutting-edge solution on the market today for cyber defense," said Stanley Li, CEO of Netswitch. "Darktrace's innovative 'immune system' approach offers our customers the ability to protect themselves in a responsible and resilient way, and we look forward to delivering the Darktrace Cyber Intelligence Platform to our customer base."

About Netswitch

Netswitch is a global Managed Security Services provider offering an end-to-end enterprise security solution called MADROC® which is delivered on a subscription basis via the Cloud.

MADROC® is an integration of software and hardware components that provide complete, multi-point enterprise security, intrusion detection and prevention, network monitoring and mapping and MDM/BYOD management and control, along with integrated intelligence about every aspect of a company's security profile with analysis of every possible threat vector.

Every component of IT infrastructure is secured, monitored and protected under MADROC®. Their product can identify potential threats based on advanced behavioral analytics, as well as protect all data, all programs, systems and applications, back-end databases, web traffic and applications attempting to come through a firewall, and personal mobile devices like smartphones, tablets, convertibles and detachables as well as PCs and laptops, from malware and advanced persistent security attacks.

MADROC® also provides real-time network performance data that helps to cost-effectively manage network growth, and is fully integrated with networks like CiscoWorks, HP OpenView, IBM Tivoli and others. The MADROC® network monitor provides an at-a-glance, real-time view of all network devices, services, applications, connections, and traffic patterns and provides complete regulatory compliance, auditability and reporting for SOX, HAS, HIPAA, FISMA, PCI DSS, etc., requirements at the database, web firewall, application, file and device levels.

Netswitch has been in business since 2000 with offices in San Francisco, Hong Kong, Beijing, Singapore and Thailand.

Ballintrae and Darktrace Partner to Step Up the Battle Against Cyber Attacks

Wednesday June 11, 2014

Ballintrae today announces a partnership agreement with Darktrace, the pioneering cyber-security business formed by world-class Cambridge mathematicians and former executives of UK cyber defence intelligence services. Both external and internal cyber threats are becoming increasingly sophisticated and complex. Many attacks are now designed to hide and evolve within a system, and financial services companies face the risk of not only data loss but also damage to data integrity.

The partnership will enhance Ballintrae's ability to help its many financial services clients maintain a significant edge in their battle against such threats. Darktrace's unique and ground-breaking Enterprise Immune System technology is gaining broad and swift recognition in cyber security circles. The technology offers the differentiated capability to identify network and security threats before they cause damage to the enterprise.

Steve Street of Ballintrae said, "Ever increasing amounts of time and money are being spent on IT security in order to better protect networks and data from being compromised. As technology advances, threats have also become more sophisticated. Historically, enterprises have fought this constant battle from a defensive position, responding to new attacks after they have been identified. This approach meant that threats were able to adversely impact systems, data integrity, compliance positioning and brand before action was taken. Darktrace Cyber Intelligence Platform enables organisations to get ahead of this evolving threat curve through behavioural analysis. The solution allows identification and mitigation of emerging threats as they begin to manifest themselves within the network. Our partnership will place our clients in the position to address risks before major damage is done."

Andrew France, CEO of Darktrace said, "Darktrace brings a fundamentally new approach to the cyber challenge, based on best-in-class machine learning and mathematics developed at the University of Cambridge. Our mission is to enable clients to identify, mitigate and remove risk both in real time and ahead of time. I've no doubt that our partnership with Ballintrae, a highly respected IT security and services consultancy in the financial services market, will accelerate adoption of our Enterprise Immune System technology within the community. We look forward to a long and successful business relationship."

About Ballintrae

Ballintrae is a specialist consultancy focusing on the provision of innovative IT services to the financial services industry. Focusing on three key areas within IT infrastructure: Market Data Services, IT Security and IT Infrastructure, they work in partnership with their clients to shape and deliver change that has a lasting and positive impact.

Darktrace Exhibits at Cyber Security Summit, DC Metro

Thursday June 5, 2014

Darktrace today exhibits at the Cyber Security Summit in Tysons Corner near Washington, DC. Taking place at the Sheraton Premiere Hotel, this event brings together senior executives from major organizations and US government security experts, to share their insights into securing enterprises and national infrastructure in an evolving threat landscape.

Visit Darktrace at booth 102 to learn about our fundamentally different approach to defending against advanced cyber threats, based on new Enterprise Immune System technology.

Darktrace Presents at e-Crime Congress, Paris

Thursday June 5, 2014

Darktrace presented today at the e-Crime Congress in Paris, showcasing its leading cyber defense technology. The event, which took place at the Hôtel du Collectionneur, is the region's largest conference for senior information security decision-makers. Key topics of discussion included strategies for protecting information assets and managing cyber security risks amid a changing threat landscape.

Darktrace's CEO, Andrew France, presented an Education Seminar, which introduced Darktrace's Enterprise Immune System approach to cyber defense. He emphasized the necessity of embracing probability to defend against advanced cyber threats, reconciling the business need for interconnectivity with resilient cyber defense.

Darktrace Presents at SC Congress, London

Tuesday June 3, 2014

Darktrace today presents at the SC Congress in London. Held at the ILEC Conference Centre, this event brings together information security professionals to discuss the challenge of defending against sophisticated attackers in today's complex and flexible business environment.

Andrew France OBE, CEO of Darktrace, will present 'Enterprise Immune Systems: The Probabilistic Approach to Cyber Defence' at 10:30 am. He will discuss Darktrace's unique new approach to protecting enterprises from serious threats, based on an Enterprise Immune System which probabilistically detects anomalies and identifies emerging threat.

As a Platinum Sponsor, Darktrace will also exhibit at the event, demonstrating its flagship solution for cyber defense, Darktrace Cyber Intelligence Platform (DCIP).

Dexa Systems and Darktrace Partner to Offer Innovative Solutions for Emerging Attacks

Houston and Cambridge, UK — Wednesday May 21, 2014

Dexa Systems, Inc. and Darktrace have announced that they are partnering to deliver next-generation cyber defense technology to the oil and gas sector, enabling organizations to detect and combat emerging cyber threats in real time.

As critical infrastructure companies are typically common targets of cyber-attack, Dexa continuously searches for more effective methods to shield customers from security breaches and compromises. Darktrace's solutions address fundamental gaps in security, through its groundbreaking Enterprise Immune System technology, which is uniquely capable of understanding 'self' within an organization and detecting normal and abnormal behaviors in real time.

Darktrace Cyber Intelligence Platform (DCIP), powered by Enterprise Immune System technology, takes a mathematical, probabilistic approach to external and insider cyber threats. DCIP analyzes all information inside the network and adaptively learns the normal patterns for every user, device and the enterprise as a whole. Darktrace is therefore able to detect behavioral anomalies in real time, which are indicative of emerging threats, allowing organizations to take timely action. Threat analysts interact with the platform through Darktrace's Threat Visualizer, a powerful 3D visualization interface that provides a state-of-the-art overview of the network and allows customers to view emerging security incidents, move forward and back in time to analyze suspicious activity and take remedial actions.

Dexa Systems has a strong focus on the energy sector and works to defend the nation's critical national infrastructure, where Darktrace's mathematical approach can provide great benefits. Together, Dexa Systems and Darktrace bring to the market an innovative 'immune system' approach and new technology, based on core probabilistic mathematics, intelligence expertise and 3D visualization.

About Dexa Systems

Dexa Systems, Inc. specializes in cutting-edge security assessments and solutions to protect the critical infrastructure systems of enterprises, providing a strong cyber security posture. We also provide turnkey identity access and authentication solutions, both for logical and physical access. We specialize in the Oil & Gas industry. Dexa helps keep your enterprise safe, so you can focus on what's most important: the business.

Darktrace Presents at Wall Street Technology Association's Cyber Security Event in New York

Wednesday April 30, 2014

Darktrace presents at the Wall Street Technology Association's 'Delivering Cybersecurity' seminar in New York today. This half-day seminar brings together senior decision-makers in the financial sector and technology experts to discuss measures to strengthen enterprise security strategies in an era of advanced and ever-changing threats.

Andrew France, CEO of Darktrace, will give a presentation entitled 'Detecting Emerging Cyber Threat in Real Time: Spotting the Human Traces of an Attack' at 12:30pm, examining the new realities of insider threat and information compromise, and introducing Enterprise Immune Systems, a new approach to cyber defense.

Darktrace will also demonstrate its next-generation 3D visualization interface, the Threat Visualizer, at the event.

Darktrace Exhibits at Infosecurity Europe 2014

Tuesday April 29, 2014

Darktrace today exhibits at Infosecurity Europe 2014, Europe's largest information security trade show, at Earls Court Exhibition Centre, London.

Steve Huxter, Darktrace's COO, will present a Technology Showcase session, "The New Normal: Building an Immune System to Counter Sophisticated Threat" at 3pm on Thursday 1st May in the Technology Showcase Theatre.

Come and see us at stand N87 in the New Exhibitor Zone, for an exclusive demo of Darktrace's pioneering Threat Visualizer.

Darktrace & Exclusive Networks Partner Against Next Generation Cyber Attacks

Wednesday April 23, 2014

Exclusive Networks has today announced a distribution agreement with Darktrace to bring the company's unique Behavioural Cyber Defence platform to market via a select group of security integrators. The pan-EMEA agreement, spearheaded out of the UK, exposes Exclusive Networks' partner community to the advanced detection science needed to protect against the new generation of complex cyber attacks.

"Darktrace has attracted attention for its strong investor backing and a leadership team drawn from the UK intelligence services. The company blends years of operational experience with new branches of Bayesian mathematics to produce a genuinely innovative solution for major enterprises: the ability to detect subtle traces of unique new threats within huge swathes of data," said Graham Jones, Joint Country Manager at Exclusive Networks UK. "With all our activity around CARM over the last 12 months, it was a logical step to work together. Darktrace's unique ability to look deep inside the network and learn is very complementary to our existing technologies."

CARM, or Cyber Attack Remediation & Mitigation, is a unique integrated platform that combines the best of breed capabilities of a number of vendors, and focuses on the post-breach issues enterprises face following a cyber attack. CARM (www.carmsecurity.com) enables enterprises to identify, contain, respond, remediate and ultimately mitigate the impact of the breach faster and more efficiently than ever before.

"Exclusive understands the market opportunity for Darktrace, given its fundamentally new approach to cyber security. Powered by best-of-class, probabilistic mathematics, Darktrace is capable of spotting previously unidentified threats in real time," said Andrew France, CEO of Darktrace. "It will be Exclusive Networks' task to accelerate our connections with partners that have the right technical skills and the optimum relationships with customers. All our partner relationships are strategic and hence highly selective."

Both Darktrace (Stand N87) and Exclusive Networks UK (Stand E65) are exhibiting at the Infosecurity Europe event in London from 29th April to 1st May. Exclusive Networks is also undertaking a series of dedicated events for prospective Darktrace partners.

Darktrace Participates at Cybersecurity Summit 2014 in Milan

Wednesday April 9, 2014

Darktrace exhibited at the Innovation Group's Cybersecurity Summit 2014 in Milan today. Held at Milan Marriott Hotel, the conference brought together international experts in the field to exchange ideas on protecting data and securing enterprise networks in a new age of cyber threat.

The conference was attended by senior members of Darktrace's European team, who demonstrated Darktrace's flagship 3D interface, the Threat Visualizer.

For more information about the event or Darktrace's activity in Italy, please email [email protected].

Darktrace Presents at Enterprise Security and Risk Management 2014

Tuesday March 25, 2014

Darktrace presented at Whitehall Media's Enterprise Security and Risk Management (ESRM) conference today at Hotel Russell, London. The event brought together leaders in IT security and risk management to discuss strategies for risk mitigation and protecting data.

Darktrace's CEO, Andrew France, presented a case study on Behavioural Cyber Defence in the energy sector, discussing the limitations of legacy security approaches and the paramount importance of analysing human behaviour to detect emerging threats to energy delivery systems.

Darktrace was also a Silver Sponsor of the event, and exhibited its revolutionary Darktrace Cyber Intelligence Platform (DCIP), which allows enterprises to detect previously unseen threats in real time.

Darktrace Shortlisted for Two Industry Awards

Thursday February 27, 2014

Darktrace has been shortlisted for two awards at the SC Magazine Awards 2014 Europe, in the categories of Innovation and Rookie Security Company of the Year.

The SC Magazine Awards 2014 Europe honour professionals and enterprises that deliver innovative security technologies. A panel of industry judges from the highest level of the information security profession decided to shortlist Darktrace in two categories of this year's awards.

"We are delighted to be shortlisted for the SC Magazine Awards 2014 Europe," said Andrew France OBE. "Darktrace has experienced an incredible journey since its foundation, thanks to its fundamental innovation of Behavioural Cyber Defence, and we are pleased to be recognised in this way."

UK Power Company Uses Darktrace for Next-Generation Cyber Security

Wednesday February 26, 2014

Darktrace today announces that Drax, the power generation company, has selected the Darktrace Cyber Intelligence Platform for next-generation defence against advanced cyber threats.

Drax is the owner and operator of Drax Power Station, the UK's largest power station. The company currently provides enough power to meet 7-8% of the UK's electricity needs and is in the process of transforming the business into a predominantly biomass-fuelled generator through burning sustainable biomass in place of coal.

Amid a changing threat landscape, Drax is committed to protecting the integrity of its critical systems and information assets. The company wanted to further strengthen its defensive capabilities and implement a sophisticated, intelligence-led approach to give it the ability to outpace potential threats.

Drax selected the Darktrace Cyber Intelligence Platform (DCIP), based on Darktrace's ground-breaking Behavioural Cyber Defence, which is uniquely capable of detecting new, emerging threats within the network in real time. Powered by new Recursive Bayesian Estimation mathematics, DCIP does not require prior knowledge or rules about threats, instead using advanced mathematical modelling to detect 'unknown unknown' threats in real time.

“Behavioural Cyber Defence technology adds another level of sophistication to our defence systems, and has already identified threats with the potential to disrupt our networks,” said Martin Sloan, Head of Safety and Security, Drax. “It helps us stay ahead of emerging threats and better defend our key systems. We are pleased to be working on cyber innovation with Darktrace's leading self-learning platform.”

“We are very pleased to be working with such a forward-thinking company as Drax,” commented Andrew France, CEO of Darktrace. “Behavioural Cyber Defence is leading the way to a new age of cyber defence that allows organizations to get ahead of emerging threats as they happen. As part of the national infrastructure, Drax is helping protect one of the UK's key electricity production facilities in the most sophisticated and resilient way yet.”

Darktrace Presents at NDI Cyber Security 2014

Friday February 7, 2014

Darktrace presented at the Cyber Security 2014 conference held by defence and security trade organization NDI in Edinburgh yesterday. The conference was chaired by Mark Easton, Home Editor at the BBC.

This event brought together major defence and technology companies to understand cyber threat to the defence supply chain, and share insights into new technologies for mitigating risks from the most advanced and sophisticated cyber attackers.

Darktrace's CEO, Andrew France OBE, discussed the limitations of legacy approaches to information security and the need for intelligence-led cyber security methods, based on ground-breaking Behavioural Cyber Defence.

As silver sponsor of the event, Darktrace also exhibited at the conference, showcasing its revolutionary Darktrace Cyber Intelligence Platform (DCIP), which helps companies around the world to stay ahead of emerging threats in real time.

Darktrace Presents at IET's Cyber Security for Industrial Control Systems

Friday February 7, 2014

Darktrace presented at the Cyber Security for Industrial Control Systems seminar, which took place in London yesterday. The event was hosted by the Institution of Engineering and Technology, and focused on practical developments in cyber security for SCADA and industrial control systems.

Nick Trim, Director of Services at Darktrace, presented the 'New Normal' approach to detecting cyber threat in major energy corporations, emphasizing the need for new self-learning technologies capable of detecting anomalies in human behaviour in real time, as manifested in network activity.

Leading Cyber Expert Andrew France OBE Joins Darktrace

Friday January 31, 2014

Darktrace, the leader in intelligence-led Behavioural Cyber Defence, has announced that Andrew France OBE has joined the company as Chief Executive Officer.

Andrew France joins Darktrace from his position as Deputy Director for Cyber Defence Operations at GCHQ, where he was instrumental in formulating the UK's national cyber defence strategy and responsible for both policy and operational delivery.

With extensive experience in delivering technical innovation in high-stake and secure environments, Andrew brings a wealth of unique expertise to Darktrace's executive management team and its customers.

Andrew France said: "Organisations have woken up to the idea that their information is a valuable commodity, and that it must be protected in an intelligent and proportionate way. Defending against yesterday's attack methods just isn't good enough. You need to be able to spot previously unknown threats as they emerge and evolve, from within the network. Quite simply, the tools to do this did not exist before. They do now, with Darktrace."

Stephen Huxter, Chief Operating Officer, said: "We are delighted to welcome Andrew to the team. Andrew's experience of national cyber operations and his understanding of this new era of threat are second-to-none, strengthening Darktrace's position as the leader in intelligence-led, Behavioural Cyber Defence."

Andrew is a registered Incorporated Engineer, an elected member of the Engineering Institution of Great Britain, and a member of the Institute of Engineering and Technology. He was awarded an OBE for Services to the MOD in 2005.

Sir Jonathan Evans and Mark Hughes to Speak at Cyber Defence Executive Forum

Wednesday January 29, 2014

Darktrace is delighted to announce that Sir Jonathan Evans KCB and Mark Hughes will participate in the inaugural Cyber Defence Executive Forum on Tuesday 18th March at the Ritz. This exclusive event is the first to address the growing challenge of insider threat, as well as external threat from sophisticated cyber attackers and state-sponsored groups.

Sir Jonathan Evans, former Director General of MI5, will share unique insights into the current state of cyber threat based on his 33 years at MI5, defending the UK from internal and domestic terrorism and cyber-attacks.

Mark Hughes, CEO of BT Security, is responsible for BT's internal cyber security strategy and practice. He will discuss the implications of the industrialization of the threat landscape for large corporations, and share best practices for protecting critical infrastructures.

"We are delighted that Sir Jonathan Evans and Mark Hughes are supporting the event," commented Steve Huxter, COO of Darktrace. "The Cyber Defence Executive Forum will bring together a truly unique group of experts and allow a realistic and honest discussion of today's threats, taking a new perspective on how to defend against them."

The Cyber Defence Executive Forum will take place at the Ritz on Tuesday 18th March. If you are interested in attending, visit the Cyber Defence Executive Forum, or email [email protected].

Darktrace Hosts Roundtable Event in New York

Wednesday December 11, 2013

Darktrace held an exclusive lunch roundtable event today in New York, following the launch of the flagship cyber defense platform, Darktrace Cyber Intelligence Platform, in the US.

The event, held at The Peninsula Hotel, focused on the need for a radically new approach to the cyber challenge, given the complexity of business operations and networks and the new level of cyber threat that corporations face.

Steve Huxter, Managing Director of Darktrace, co-hosted the lunch together with Rob Sass, Managing Director for North America.

Darktrace Showcases Behavioral Cyber Defense at Cyber Security Summit 2013 in London

Tuesday November 26, 2013

Darktrace exhibited at the Cyber Security Summit 2013 today, a conference attended by some of the most influential minds in the online security sector. The event, which took place at the Queen Elizabeth II Conference Centre in Westminster, allows organizations to exchange insights into cyber security and discuss developments in cyber policy.

As an exhibitor at the event, Darktrace presented its flagship platform, Darktrace Cyber Intelligence Platform (DCIP). DCIP is based on revolutionary technology known as Behavioral Cyber Defense, which utilizes a pioneering form of Bayesian mathematics developed at Cambridge University. Darktrace's cutting-edge technology is uniquely capable of spotting both insider and external threats, by analyzing behavioral patterns in information in real time and detecting 'unknown unknown' threats.

Senior members of Darktrace attended the conference and demonstrated Darktrace's intelligence-led, threat monitoring tool, the Darktrace Threat Visualizer. The Threat Visualizer provides threat analysts and C-level executives with an outstanding visual overview of an organization's global activity and threat level, allowing them to observe and interrupt emerging threats from within the network and reduce risk proportionally.

Darktrace Hosts Cyber Threat Seminar in Milan

Thursday November 14, 2013

Darktrace, the leader in intelligence-led Behavioral Cyber Defense, held an executive seminar in Milan today, to discuss the nature and scale of advanced cyber threats to corporations.

The event was held at the Four Seasons Hotel, Milan, and attended by senior security professionals, representing a broad range of industries.

Corrado Broli, Darktrace's Country Manager, Italy, opened the event with comments on the diversification and sophistication of cyber attackers, outlining the challenge faced by large enterprises today.

In the main presentation, Managing Director Steve Huxter argued that a new era of cyber threat has begun, requiring a fundamentally new approach to the challenge of defending against large-scale cyber-attack.

“Today's threats cannot simply be locked out,” he commented. “We need to monitor subtle behavioral changes in real time and detect new threats as they emerge, in order to stay ahead of changing attack methods.”

Animated discussions focused on large-scale data exfiltration, the challenges of protecting information in geographically distributed environments and Darktrace's unique ability to detect subtle changes in user and machine behavior in order to mitigate risk.

Darktrace Speakers at Risky Business Conference, London

Tuesday November 12, 2013

Darktrace participated in IRM's annual Risky Business conference, which took place at the British Film Institute in London today. The conference brought together professionals from government, business and the information security world to discuss cyber threat to UK business.

Dr Mike Lynch, founder of Invoke Capital, which recently announced its investment in Darktrace, was one of the key speakers at the event. He discussed the limitations of the traditional 'locks and bolts' approach to cyber security and proposed that a fundamentally new approach is required, arguing that businesses should focus on protecting high-value information in a proportionate way, in order to mitigate against major threat.

"It was a great honour to have Mike Lynch speak at Risky Business for the second year running," said David Cazalet, Managing Partner and co-founder of IRM. "Sharing a platform with Alec Ross, Hillary Clinton's technology advisor, and Martin Howard, director of cyber policy for GCHQ, Mike set out a clear and thought-provoking vision for the future of security and presented a new way of addressing the cyber challenge based on behavioral analytics."

Darktrace's Managing Director, Steve Huxter, also participated at the conference, sharing his unique insights into the challenge of growing cyber-crime networks and their sophisticated tactics, during a panel discussion.

"Risky Business provides a great opportunity for industry leaders to come together and discuss risk in an open way," Steve Huxter commented. "It is precisely by acknowledging risk management and threat mitigation as a board-level issue that we can start to re-evaluate our approach to cyber protection in this new era of threat."

Sir Jonathan Evans joins Darktrace Advisory Board

Monday September 16, 2013

Darktrace, the leader in intelligence-led Behavioral Cyber Defense, has announced that Sir Jonathan Evans has joined its Advisory Board.

Darktrace brings a fundamentally new approach to cyber security, based on revolutionary new Bayesian mathematics developed at the University of Cambridge and unique expertise in cyber security intelligence and protecting sensitive information.

Sir Jonathan is the former director-general of the UK's Secret Service, MI5, where he spent thirty-three years focusing on internal and domestic counter-terrorism and cyber-threats.

"As cyber-threats become more sophisticated and better-resourced, we urgently require a new approach founded on unique cyber expertise and pioneering technology," said Sir Jonathan Evans. "Darktrace represents a new thinking around the cyber challenge, which embraces the complexity of our environments and works to protect our most important assets."

"We are delighted to have Sir Jonathan join our Advisory Board," said Steve Huxter, Managing Director of Darktrace. "His unparalleled stature in the field of cyber operations is invaluable, and we look forward to working with him in this new era of intelligence-based cyber defense."

Invoke Capital makes first investment in fundamental cyber security technology

Monday September 16, 2013

Invoke Capital, a technology fund vehicle dedicated to unlocking the potential of European technology, has made its first investment in Darktrace, a cyber security company that offers a new approach to cyber defense based on ground-breaking mathematical research out of the University of Cambridge.

Invoke is a new type of technology investor that combines a deep understanding of technology with financial, commercial and marketing expertise to turn fundamental ideas into real world products, and help them scale.

"We are delighted to announce our first investment in a genuinely innovative company, in such a critical area as cyber security," commented Dr Mike Lynch, founder of Invoke Capital. "Darktrace brings a radically different solution to the challenge of protecting our information in today's environment of cyber-threat. It is an inherently mathematical approach that does not seek to block information flow, but rather understand it, in all its practical complexity and subtlety."

Based on a breakthrough in mathematical research and development at the University of Cambridge, Darktrace's revolutionary technology is anchored on a new branch of Recursive Bayesian Estimation theory. The founders of UK-based Darktrace have a combined seventy years' experience in cyber operations, working with governments, military forces and private companies across the world to keep citizens and critical national infrastructures safe.

Darktrace begins with the premise that a network has already been infiltrated — and that some of the risk might come from a company's own employees. Legacy technologies have focused on protecting assets through a virtual version of putting locks on all the doors and windows, but that is no longer viable in an interconnected world without stifling commercial operations.

Steve Huxter, Managing Director of Darktrace, said, "The threat to companies and institutions from cyber espionage, hacking and spying is real and growing, and needs a sophisticated approach. Our combination of fundamental behavioral technology and expertise in cyber operations at the highest level, means that we offer a solution to the number one agenda item of boardrooms everywhere. This is something that Mike Lynch and the team at Invoke Capital have recognized and we are really pleased to have secured their support."

Media Contacts

Andy Rivett-Carnac
Brunswick Group
Tel: +44 (0)20 7404 5959

Email: [email protected]

Contact Darktrace

Tel: +44 (0)1223 350653
Email: [email protected]

In the News

"Darktrace isn't a boundary system; it works by mathematically analysing normal behaviour on a network."

Willard Foxton, The Telegraph

"Darktrace is interesting because of its back-to-front approach to security... Darktrace provides an appliance that sits in the network and profiles not possible attack vectors, but the network itself, as well as the devices that connect to the network and the network's users."

David Meyer, Gigaom, 2014

Upcoming Events

Monday September 8 - Tuesday September 9
London

Thursday September 18, 2014
New York Hilton Midtown, New York, US

Wednesday October 8 - Thursday October 9, 2014
ExCeL, London

Past Events

Oil & Gas Cyber Security · Houston, July 16 - July 17, 2014
IA14 · London, July 16 - July 17, 2014
Cyber Security Summit 2014 · Tysons Corner, VA, June 5, 2014
e-Crime Congress, France · Paris, June 5, 2014
SC Congress London · London, June 3, 2014
Wall Street Technology Association: Delivering Cybersecurity · New York, April 30, 2014
Infosecurity Europe · London, April 29 - May 1, 2014
Cybersecurity Summit 2014 · Milan, April 9, 2014
Enterprise Security and Risk Management · London, March 25, 2014
Cyber Defence Executive Forum · The Ritz, London, March 18, 2014
Darktrace Cyber Threat Seminar · Rome, February 26, 2014
Cyber Security 2014 · Edinburgh, February 6, 2014
Cyber Security for Industrial Control Systems · London, February 6, 2014
Darktrace Roundtable Event · New York, December 11, 2013
Cyber Security Summit 2013 · London, November 26, 2013
Darktrace Cyber Threat Seminar · Milan, November 14, 2013
Risky Business Conference · London, November 12, 2013

Cyber Defence Executive Forum

The inaugural Cyber Defence Executive Forum, held on Tuesday this week at The Ritz, London, marked the beginning of a fundamental step-change in the industry's narrative around cyber security. At this first in a series of Forums, insider threat was given special attention.

The compact afternoon conference was hosted by one of the UK's most experienced and respected cyber experts, Andrew France OBE, former deputy director of cyber operations at GCHQ and now CEO of Darktrace. The Forum was attended by over 80 senior industry leaders in information security, with the purpose of sharing ideas and insights around good defence against cyber threat - rather than chasing after the false ideal of 'security'.

Dr Mike Lynch's opening talk was typically thought-provoking. With his background in research around machine learning and data processing (he is currently heavily involved in new genomic technologies), Dr Lynch brings a fresh perspective to the cyber challenge - at its heart, a data problem.

Comparing current security approaches to the equivalent of a Tuscan hill town — surrounded by walls to keep intruders out and protect the trusted people within — Dr Lynch argued the case for the modern city. Today's prosperous cities and centres of trade have holes in the wall — they are successful because they interact with the outside world and allow the free flow of traffic and people.

As collaboration and interaction are essential to human enterprise and business, Dr Lynch went on to describe what he calls the 'new normal' approach - an immune system for companies. Human beings are kept largely healthy because they have an immune system that is capable of learning what is the 'self' and what is not the 'self', and constantly adapts to its environment and subtle internal changes. Effective cyber defence strategies in today's threat environment need to adopt the same approach — rather than trying in vain to keep all potential threats from entering the network.

"We are deluding ourselves if we think that we know what we are looking for. Attackers are playing a probability game — we need to too" — Dr Mike Lynch

Richard Horne, Partner at PwC, gave an interesting real-life example of cyber compromise at a large corporation that has invested heavily in traditional security tools. Horne argued that we have reached a tipping point where simply trying to block intruders into our networks is no longer effective, and emphasised that understanding our data processes and what normal behaviour in these networks looks like is necessary in order to apply an intelligence-based approach to cyber defence.

Andrew France's keynote developed Dr Lynch's basic premise of a self-learning system to counter evolving threats — one that is based on probability, not certainty. France examined the challenge of complexity, in a world where businesses that rely on large, inter-connected supply chains can no longer define their perimeters or identify their critical data. He also argued that data overload means that useful raw information is underleveraged, overwhelming analysts more than it illuminates them.

Darktrace's behavioural approach was explained to the audience as a self-learning system that uses a mathematical approach to constantly understand how different people and devices behave. France compared this to a car at risk of theft — if a car's internal systems could learn the behaviours of its owner (or owners), including things like how they change gear, their preferred seat position and how cautiously or aggressively they drive, then it would be able to identify a different driver with a distinct set of habits and preferences, even if they were in possession of the keys. Darktrace's approach is to learn those different human behaviours, as well as those of devices and the network as a whole, to build up a constantly evolving understanding of what normal behaviour looks like and allow for real-time threat detection.

"It is about behaviour — mathematical behavioural analysis that is self-learning, adaptive and real time" — Andrew France

The Executive Panel opened up a dialogue between delegates and a select group of distinguished industry leaders on a range of topics, including how to communicate cyber security issues to the board, the challenges of integrating cyber defence into all levels of a global organisation and how to manage internal culture around security. Panellists also shared practical insights on approaches that they have tried in their respective sectors.

Sir Jonathan Evans ended the formal presentations on an optimistic note. Total cyber security may be an illusion, with the external and internal threats increasingly diverse and difficult to define, but the work of companies like Darktrace to deliver cutting-edge solutions based on new academic research is helping the modern enterprise develop a more effective response to the challenge. Building up immunity to the changing world around us is going to be our best chance of successfully countering the cyber threat, rather than trying in vain to shut out all would-be attackers and vulnerabilities.

"If you are swamped in data, you can't raise your head above the parapet — you are fighting battles all the time."

Partners

The Darktrace Partner Program advances Darktrace's mission to deliver next-generation Enterprise Immune Systems technology to global corporations around the world, in response to the increasing challenge of serious, sophisticated cyber threats.

Our valued relationships with reseller partners are essential to providing a quality and comprehensive service to our customers. We ensure that all our partners have access to our premium technical cyber experts and full training and support.

Want to become a Darktrace partner?

Darktrace hand-selects its partners and works closely with them to ensure successful collaborations. If you are interested in becoming a Darktrace partner, please email us at [email protected].

Proof of Value

Darktrace is proven to find genuine anomalies, and detect emerging threats that have evaded other security tools, thanks to its advanced mathematical approach to cyber defense.

To prove this, Darktrace offers its prospective customers a Proof of Value (POV) pilot that allows them to evaluate the value of its pioneering cyber solution, Darktrace Cyber Intelligence Platform, and understand why some of the world's largest organizations rely on its ground-breaking Enterprise Immune System technology to regain the advantage against both high-end attackers and non-malicious threats.

Why do a Proof of Value?

1. Find Anomalies That You Didn't Know Existed

Powered by the world's leading research and development into machine learning and probabilistic mathematics, Darktrace Cyber Intelligence Platform represents the most advanced technology to deliver 'immune system' defense in the new era of cyber threat. DCIP will find real threats and events of concern — both pre-existing and emerging — that have not been detected by any other security tool.

From day one, DCIP will spot any unusual activity that it judges to be worthy of investigation, meaning that organizations benefit from immediate 'immune system' protection. Due to its fundamentally new ability to self-learn, and adapt to changing environments, DCIP also constantly refines its understanding, becoming incrementally more accurate in its ability to detect what constitutes a real threat to the organization.

2. Trial Darktrace's Threat Visualizer for a Unique, Global Overview

During a POV, you will gain unique access to Darktrace's flagship 3D threat visualization interface, the Threat Visualizer. Representing a fundamental innovation in 3D visualization techniques, the Threat Visualizer is the only visualization tool of its kind, providing a fully interactive, graphical representation of your entire network topography, including data flows and connections within and outside of the network and the ability to play back sequences of time and investigate emerging anomalies in depth.

Your threat analysts and security professionals will have exclusive access to the Threat Visualizer during the POV, giving them a tailored overview of their operational environment and providing real-time alerts and visualization of events of interest and threats, based on DCIP's unique detection of previously-unidentified anomalies.

3. Get Exclusive Access to Darktrace's Cyber Specialists

Darktrace's world-leading mathematical and machine learning approach is combined with the expertise of the world's leading intelligence and cyber security specialists to deliver the new era of cyber defense. A POV will give you access to senior security specialists, who have proven track records in managing national governments' cyber defense strategies, as well as in-depth technical understanding of threat manifestations and the cyber kill chain. Our cyber specialists' unparalleled operational expertise will help you analyze and investigate potential threats and evaluate evolving anomalous scenarios, as well as advising your team on best strategies to mitigate any in-progress attacks that are uncovered during the POV.

Furthermore, our Cyber Security Specialists will provide you with a highly-valuable weekly Threat Intelligence Report, a must-read document for executives that distils the findings of the DCIP, provides an overview and expert evaluation of the most important events that have been identified during the week and provides advice on any actions that should be taken as a result.

How does it work?

Stage One — Data collection

DCIP looks at raw network traffic, using proprietary Darkflow full network data capture, which allows full visibility into your organization's interactions and communications. This data is collected by one of the following methods:

Stage Two — Installation of DCIP appliance

Easy installation of a single appliance — this will take 2 hours and take up 2U of space.

Stage Three — Passive data analysis

Darktrace passively ingests raw network data, meaning that it stays on-premise and is never sent to the cloud or any third parties. We recommend installing a VPN connection to enable full support from Darktrace's Cyber Security Specialists.

POV Timescale

What resources do I need?

If you are interested in starting a Proof of Value with Darktrace, email [email protected].

Anomaly Study

Context

Online security was of paramount importance to this large UK company, especially in the wake of its migration to a web-only services business. The company had heavily invested in network and cyber security technologies prior to selecting Darktrace Cyber Intelligence Platform (DCIP). 1,500 devices, over 850 users and the entire corporate network are continuously analyzed and modeled by Darktrace's Enterprise Immune System technology.

What Darktrace Detected

Within the first week of installation, a piece of malware was detected that had presented false information to the company's anti-virus tool. The malware's sophisticated ability to morph and evolve inside the network meant that boundary and host-based security systems had not spotted the attack.

On being alerted to the existence of the attack, immediate remedial action was taken to curb it. It was thought that the attack had been completely eradicated; however, the week after, Darktrace saw a machine communicating with the attack egress infrastructure. Whilst there was no evidence of beaconing to the central server, data was being sent to the covert egress channel. No other security tools saw this activity, because naturally they did not have a specific rule to cover this particular set of circumstances.

Based on the evidence, it became a distinct possibility that a dormant back door, set up by the original attackers, had been activated in response to the recent clean-up operation. In addition, Darktrace detected that a set of user credentials were entered into a machine that belonged to a different user, which could have been malicious.

Seven days passed without any event of interest. Then, Darktrace detected an abnormal communication with servers in Ukraine and Lithuania and a period of password-guessing. The volume of data being sent over indicated that the activity was not user-generated but the result of machine behavior. In addition, one machine was seen navigating to a site that provides a virtual Cyrillic keyboard, which could have been the activity of a legitimate user but also raised the possibility of a remote attacker changing keyboard to type commands on a UK language layout.

In the same week, another machine was observed establishing encrypted sessions to an internet domain associated with serving targeted online advertisements. This domain provides additional software that is injected into the browser of the host machine. While it is likely that this constituted unwanted software tunneling advertisement-related data to the device, it was nevertheless noted as a potential source of further unknown capabilities.

Subsequently, a computer was seen connecting to servers in Russia with encrypted connections. The same machine was also exhibiting behavior that was identified as a known attacker technique, where the attacker tries to identify themselves to the outbound server to prevent legitimate users also accessing it. This abnormality was compounded by the fact that a second machine started to behave in exactly the same way just moments later.

The Darktrace Difference

Darktrace was able to see the malware immediately, even though it pre-dated the installation of the Darktrace appliance, because DCIP observed that an unusually large volume of traffic was being generated by the Trojan, as well as detecting potential ingress and egress activity that fell outside the pattern of normality established for the organization at that time.

Examples of the ingress and egress activity included a host connection to a server that responded by sending over 1MB of obfuscated data, likely to be tasking information from the attack and potentially including further tool sets to enable persistence.

Darktrace's probabilistic approach to cyber analysis is uniquely capable of combining and correlating probabilities based on the evidence that it sees. This mathematics-driven model allows Darktrace to alert based on a combination of weak indicators — such as a connection to Ukraine, communications to unusual web domains, or the injection of software into a web browser — and piece them together to form a compelling picture that allows threat analysts to mount an investigation.

As other anomalies, or events of interest, are added to the picture, Darktrace refines its understanding of what is normal and abnormal, enabling it to calculate the risk of threat to a high level of accuracy, and manifest this threat level in real time.
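The combination of weak indicators described above can be illustrated with Bayes' rule in log-odds form. This is an added example, not Darktrace's algorithm or code: the indicator names follow the case study, while the likelihood ratios, prior, alert threshold and host names are constructed assumptions.

```python
"""Fusing weak indicators per device with naive Bayes in log-odds form."""
import math
from dataclasses import dataclass, field

# Assumed likelihood ratios: P(indicator | compromised) / P(indicator | benign).
# Each one is weak: on its own it moves a 0.1% prior to about 1% at most.
LIKELIHOOD_RATIOS = {
    "rare_country_connection": 6.0,
    "unusual_web_domain": 4.0,
    "browser_software_injection": 5.0,
    "password_guessing": 12.0,
}

PRIOR_COMPROMISED = 0.001  # assumed base rate of compromise per device
ALERT_THRESHOLD = 0.5      # assumed posterior at which an analyst is alerted


def logit(p: float) -> float:
    return math.log(p / (1.0 - p))


def sigmoid(x: float) -> float:
    return 1.0 / (1.0 + math.exp(-x))


@dataclass
class DeviceScore:
    """Running posterior that one device is compromised."""
    name: str
    log_odds: float = field(default_factory=lambda: logit(PRIOR_COMPROMISED))
    seen: set = field(default_factory=set)

    def observe(self, indicator: str) -> float:
        """Fold one indicator into the posterior and return the new value.

        Naive Bayes treats indicators as conditionally independent, so a
        repeat of the same indicator is counted once; otherwise a single
        noisy behaviour could reach the threshold by repetition alone.
        """
        ratio = LIKELIHOOD_RATIOS[indicator]  # KeyError on unknown indicator
        if indicator not in self.seen:
            self.seen.add(indicator)
            self.log_odds += math.log(ratio)
        return self.posterior

    @property
    def posterior(self) -> float:
        return sigmoid(self.log_odds)


def triage(events):
    """Replay (device, indicator) events in order.

    Returns {device: {"posterior": float, "alerted_at": index or None}},
    where alerted_at is the index of the event that first crossed the
    alert threshold for that device.
    """
    scores, result = {}, {}
    for index, (device, indicator) in enumerate(events):
        score = scores.setdefault(device, DeviceScore(device))
        posterior = score.observe(indicator)
        entry = result.setdefault(device, {"posterior": 0.0, "alerted_at": None})
        entry["posterior"] = posterior
        if entry["alerted_at"] is None and posterior >= ALERT_THRESHOLD:
            entry["alerted_at"] = index
    return result


# Constructed event stream: ws-014 accumulates different indicators,
# ws-022 repeats one benign-looking oddity several times.
EVENTS = [
    ("ws-014", "rare_country_connection"),
    ("ws-022", "unusual_web_domain"),
    ("ws-014", "unusual_web_domain"),
    ("ws-022", "unusual_web_domain"),
    ("ws-014", "browser_software_injection"),
    ("ws-022", "unusual_web_domain"),
    ("ws-014", "password_guessing"),
]

if __name__ == "__main__":
    for device, entry in triage(EVENTS).items():
        print(f"{device}: posterior={entry['posterior']:.3f} "
              f"alerted_at={entry['alerted_at']}")
```

The independence assumption is the weak point of this model: indicators that share a cause (for example, two symptoms of the same adware) overstate the posterior unless they are grouped or their ratios are discounted.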

Case Studies

Major European Power Infrastructure Company

One of the largest power generation and infrastructure companies is using Darktrace's self-learning Enterprise Immune System technology to counter sophisticated threats within its internal systems. Darktrace Cyber Intelligence Platform allows it to identify potential intrusions and irregular activity in real time and take action to mitigate against emerging risk.

European Financial Services Leader

One of the top three building societies in the UK and a leading European financial services company uses Darktrace to protect against both advanced intruders within their systems and potential insider threat.

Major European Power Infrastructure Company

Background

This leading power infrastructure company provides a significant proportion of Europe's power. It is in the process of switching to the use of biomass generators and is considered one of the most forward-looking organizations in the energy and utilities industry.

Challenge

The energy sector faces a rapidly-evolving threat landscape, in which increasingly sophisticated attackers have been successful in scaling network boundaries and infiltrating extremely sensitive operational systems. The stakes of cyber threats in this field are high, with major implications on the safety and integrity of national critical infrastructure.

Given the wide range of motivations that attackers have, and the looming risk of internal threat, it had become extremely difficult to pre-empt new attackers and anticipate their methodologies. This company needed to be able to identify emerging threats, get ahead of up-and-coming attackers and intervene early in order to better protect its critical data and systems.

Solution

The energy leader decided to implement an 'immune system' approach, because it needed to be able to respond to fresh threats that had not yet been previously identified by other security tools. The company selected Darktrace Cyber Intelligence Platform (DCIP), powered by Enterprise Immune System technology, in order to benefit from a self-learning system that does not require a priori knowledge in order to identify threats, but which instead forms an adaptive understanding of normality and abnormality within its data systems.

The ability to constantly adapt to a rapidly evolving information environment in real time was critical to the company, as it needed to be able to intervene early in potentially dangerous situations. Based on Bayesian probabilistic mathematics, developed at the University of Cambridge, DCIP was deployed into the company's internal systems in order to learn normal behavior for every user, device and network and immediately detect anomalous behavior as it manifests itself.

The company is also using Darktrace's cutting-edge Threat Visualizer for a graphical 3D overview of its entire internal network, which visually represents threat levels at any one time, and facilitates the dynamic investigation and mitigation of potential problems.

Benefits

Darktrace has quickly become a fundamental part of this energy leader's cyber security strategy, given its unique probabilistic approach and ability to detect emerging threats before they wreak significant damage.

On deploying Enterprise Immune System technology, the company was quickly alerted to potential intrusions within its systems that had already bypassed its other security tools. Following an easy implementation process, it now uses Darktrace to continuously analyze the overall health of its system and to spot irregular activities that have a high probability of being either malicious, dangerous or non-compliant.

The company benefits from the most advanced cyber defense technology available today to protect itself against the most insidious attacks that jeopardize its critical infrastructure systems, whether those threats come from the inside or outside of its organization.

European Financial Services Leader

Background

This company is a leading mutually-owned financial services provider, with nearly 2 million members.

Challenge

The financial services sector not only faces the risk of data loss and leaks, but also the danger of their information and systems being unknowingly compromised, either by outsiders that have infiltrated their networks or by insiders.

Whilst traditional security tools focus on the boundaries of the network, it has become clear that it is not possible, practical or desirable to 'lock up' information systems from pervasive risks. This company wanted to be able to take action against advanced threats and potential issues from within their organization, before they escalate to become more challenging problems.

Solution

This leading building society decided to employ Darktrace's unique Enterprise Immune System technology to address the combined challenge of external and internal threats. Darktrace Cyber Intelligence Platform, powered by ground-breaking Bayesian probabilistic mathematics developed at the University of Cambridge, is the only solution capable of detecting unusual behaviors in real time, without any a priori knowledge of what it is looking for. DCIP's self-learning ability means that it is constantly refining its probability calculations, based on the evidence that it sees from the organization, at the level of each device, user and the network as a whole.

This company uses Darktrace's world-leading 3D threat visualization tool as well, the Threat Visualizer, to allow it to instantly respond to in-progress threats. The Threat Visualizer allows the company's analysts to better understand what is happening within their information systems and focus on mitigating the most important risks that are evolving in real time.

Benefits

Within weeks of implementing Darktrace, this financial services leader was alerted to a number of anomalies that were unknown to their security team and unseen by its existing security tools.

Firstly, Darktrace detected indications of a potential reconnaissance mission, the early stage of an attack when an attacker looks around its target environment for vulnerabilities. Password guessing was taking place on a secure link and this activity was flagged as anomalous, according to Darktrace's dynamic understanding of the organization.

Darktrace also spotted a set of user credentials trying to authenticate into devices across the network over a 24-hour period, as well as one machine that was conducting port-scanning. Both these events were judged to be highly irregular by DCIP too, and therefore were exposed in the Threat Visualizer in real time as potential anomalous issues.

The customer was able to immediately investigate these early indicators of in-progress attacks, giving them the benefit of time, understanding and Darktrace's unique specialist expertise in order to mitigate against mounting risk and curb their damaging missions.

Financial Services

As one of the fastest-moving and most complex industries, the financial services sector relies on the benefits of the internet and web-based information systems to function. As such, the industry is constantly innovating, developing new technologies and evolving to adapt to a changing regulatory environment.

Amid these challenges, a prime concern is the ability to defend against serious cyber-attacks perpetrated by sophisticated and intelligent threat actors, both from within the organization and from the outside. The situation has escalated rapidly to the boardroom and constitutes a top priority across the sector.

Insider threat

Insider threat is a large yet underestimated problem for the financial services industry. With large, global workforces, sizeable contractor personnel and extensive supply chains, it is increasingly challenging to control and track exactly who has access to corporate networks.

Edward Snowden showed that even the best-defended organizations in the world are vulnerable to lone individuals who, with a little know-how, are capable of destroying public trust, the integrity of critical data and the ability of the targeted organization to function.

Data integrity

While we hear a lot about data breaches, data loss and IP theft, we now live with the possibility that data can be changed somehow, without the owner or guardian of that data knowing about it. The entire trust of the customers of financial products and the wider public has been put in jeopardy in the new era of sophisticated threat — what happens when 500,000 bank account balances are changed, but you don’t know which ones? It is critical that we look beyond website attacks and data being stolen, and take stock of the larger risk around trust in data and the responsibility that data guardians have in maintaining it.

Darktrace in the financial services industry

Darktrace is the only cyber defense company that addresses both insider and external threats. Assuming that the infiltration of the corporate network is always a possibility, Darktrace uses powerful, probabilistic mathematics to analyze all internal communications and interactions that are happening at any moment in time, delivering real-time detection of emerging anomalies.

The financial services industry has transitioned from an outmoded model of security, which was obsessed with external threat, and is moving to an adaptive model that is capable of dealing with the uncertainty and unpredictability implicit in their complex internal systems.

Darktrace delivers this next generation of cyber defense capability through its unique ability to self-learn and identify new attack or threat behaviors, even when they bypass all other security tools. Instead of a flood of false positives, Darktrace gives security and threat analysts the ability to see and investigate suspicious activity — whether from an insider or a state-sponsored espionage group — and intervene early in their attack mission.

"[Cyber risk] is a rapidly rising area of risk with potentially systemic implications. It calls for a system-wide response"

Andy Haldane, Director of Financial Stability, Bank of England, 2013

Energy & Utilities

Cyber security has been a top priority for the energy and utilities sector for some years, given the high-profile attacks that we have seen across the globe against large companies, despite their heavy investment in security.

Complex industrial control systems and large, global internal networks are crucial but have opened up energy infrastructure companies to major vulnerabilities and the risk of crippling attacks that wreak major operational damage, as well as causing loss of competitiveness and reputational problems.

Nation states remain a key concern for this sector, but the threat landscape has hardened and diversified, meaning that a whole range of possible attackers must be considered — from industrialized crime units to political activists, state-sponsored groups to malicious or negligent insiders. The industry has to deal with the unknown all the time as they defend against attackers that are often intelligent, well-resourced and unpredictable.

Darktrace in the energy and utilities industry

Darktrace has a strong presence in the energy and utilities sector, as part of its role in protecting key critical national infrastructure providers from today's most advanced and sophisticated cyber-attacks.

The unique ability of Darktrace's Enterprise Immune System technology to self-learn makes it the only way to practically protect against attack vectors that are in permanent evolution, and continually outsmart legacy security tools, including perimeter defenses and intrusion prevention systems.

Some of the world's leading energy and utilities companies rely on Darktrace to keep pace with emerging anomalies and incidents as they evolve within their internal systems. With an Enterprise Immune System in place, these global organizations can respond to threat scenarios and prevent their escalation into extremely damaging attacks. In doing so, Darktrace enables the energy and utilities industry to continue to maintain their interconnected networks and stay close to their employees, supply chain and customers, while benefitting from the adaptive oversight of Darktrace Cyber Intelligence Platform.

"As cyber-threats continue to increase in frequency and sophistication, helping critical infrastructure owners and operators across the energy sector identify opportunities to strengthen their own cyber security capabilities is a top priority"

Dr Ernst Moniz, US energy secretary

Healthcare

With the increasing digitalization of healthcare records and medical processes, the industry has become a major target for cyber attackers. According to the Identity Theft Resource Center, data breaches involving healthcare organizations accounted for 43% of all major breaches in 2013.

Data breaches and data compromise

Healthcare organizations hold thousands of confidential data records on their internal systems, including sensitive personal data and patient history. As well as the privacy implications, the threat to this information clearly represents a major reputational hazard for the industry.

Even more serious is the possibility that data of this type can be unknowingly changed. Even minor changes to a patient's blood type or list of known conditions could clearly put entire healthcare systems into a state of chaos and destroy their integrity and ability to operate.

Darktrace in the healthcare industry

Darktrace Cyber Intelligence Platform (DCIP) is the world's leading solution for cyber defense and offers the healthcare industry the means to stay ahead of emerging threat actors that jeopardize the entire sector. Due to its probability-based approach, based on mathematics developed at the University of Cambridge, Darktrace is uniquely able to adapt to the changing information environments that the healthcare industry relies on, and detect abnormal behaviors in real time.

"The healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014"

Verizon Data Breach Intelligence Report, 2014

Retail

The retail sector has been hit by multiple cyber-attacks in recent years. Even the largest companies have fallen victim to increasingly sophisticated attacks that take advantage of extensive supply chains and complex partner networks to compromise internal systems and steal valuable data.

The industry recently experienced the largest data breach on record, where a leading company, despite significant investment in security, saw millions of its customer records expertly moved out of its network — only finding out when it was far too late.

Point of Sale malware incidents are particularly concerning to the retail sector, perpetrated in the main by criminal groups that can quickly convert personal information, and particularly credit card details, into hard cash. A number of cyber-criminal units have already been identified around the world that prey on customer data and use illicit internet platforms to trade it, though direct attribution remains a challenge.

The retail industry relies on ease-of-purchase and a fluid customer experience in an increasingly competitive market, in which more and more consumers are buying online. It is critical that digital card transactions are safe to secure the trust of consumers, and that the ongoing protection of personal data under retailers' guardianship is guaranteed.

Targeting the Weakest Link

The global operations and complex networks that form part of retailers' information infrastructure mean that there are multiple points of vulnerability that attacks can target. A classic tactic has been to infiltrate a smaller supply chain company in order to gain access to the main target's systems — and from that point, attackers have been successful in dodging around within the organization and covertly performing their missions.

Whilst some legacy approaches would wish all sources of vulnerability to be closed down, this is clearly not a practical option and does not solve the problem of countering the sophisticated end of the threat spectrum.

Retailers rely on the internet to attract customers and do business, and to connect with suppliers and implement efficient, collaborative business processes, such as electronic billing or contract submission. They need to continue to benefit from these web-based systems, but have the ability to spot when intruders or internal users are exploiting them with malicious intent.

Covert Operations

Cyber-attacks on the retail sector have become more sophisticated. In recent cases, forensic investigations show that the malicious computer code used against credit card readers often includes additional features that are designed to mask the attack. Exfiltrated data collected from card magnetic strips can be cleverly hidden within the target's own network, and is often moved around during peak hours of business where the data transfers are less likely to attract attention.

Before data leaves the network, there are a host of stages that the attacker must go through to perpetrate the attack successfully — it is the highest risk part of their mission. The point of infiltration is no longer relevant — the challenge is to spot when these attack preparations are taking place, by understanding how the attacker's activity differs from the organization's normal pattern of life.

Darktrace in the retail industry

Darktrace helps retailers overcome the challenge of both maintaining the agility of their business operations and protecting valuable corporate and customer data, through its unique ability to detect emerging anomalous behaviors in real time.

Analyzing and correlating multiple weak indicators, ground-breaking Enterprise Immune System technology is capable of forming an accurate and adaptive picture of normality, across every device, user and network within the company, and spotting deviations to the 'norm'.

This self-learning ability means that Darktrace can spot attackers at various stages of their attacks, such as:

The retail industry is embracing technologies that will allow them to stay ahead of evolving, sophisticated attackers — and regain the advantage over them. This means that they cannot expect to pre-define an intruder’s chosen methods of attack, but instead are implementing an immune system approach that will constantly calculate the probability that certain behaviors observed represent genuine threats that should be dealt with, before real damage is done.

Telecommunications

The volumes of data and complexity of IT infrastructures that telco companies manage and operate are well-known and create major challenges with regards to cyber security. Whilst online systems are increasingly important to the future of the industry, the risks associated with them have caused companies to rethink their security strategy.

As operators continue to modernize, producing more innovative products and services, they have become increasingly vulnerable to attacks that target their web-based infrastructures, and put critical customer services in jeopardy.

In this new era of sophisticated threat, telcos are faced with the challenge of building sustainable IT infrastructures that support their business objectives, such as increasing eCommerce revenues, embracing cloud-based business processes and developing mobile technologies, while safeguarding their data and the integrity of overarching data management and customer service systems.

Telco operators cannot afford to sustain the downtime of networks, applications and services associated with dealing with security incidents, due to the negative impact on operations and brand reputation among customers. While basic security good practices have been widely adopted to try to reduce risk, operators are now increasingly focused on dealing with risk from the inside of their complex networks.

Senior executives are more and more aware of cyber security as a key priority and are moving towards next-generation security technologies that take infiltration for granted. These technologies give them a superior level of protection against the threats that are present within their networks, not only from intruders that have made their way in, but also from insiders of the organization.

Darktrace in the telecommunications industry

Darktrace has unparalleled experience in working with and for critical national infrastructure providers, both within the private and public sectors. Our government intelligence experts were critical in formulating national cyber security strategies, focusing on protecting against large-scale, damaging attacks on fundamental service providers.

Thanks to the probabilistic approach of Enterprise Immune System technology, Darktrace helps telecommunication companies instantly focus on emerging threat behaviors that can be curbed and addressed, without flooding them with false positives.

Darktrace focuses within the network and internal systems and has complete, passive visibility of all interactions, analyzing information in real time and detecting anomalies that require investigation. This uniquely provides telco threat analysts with the time and ability to take action against in-progress attacks.

As a self-learning system, Darktrace Cyber Intelligence Platform adapts with the organization, constantly updating and refining its understanding of every device, user and network in order to accurately tell when abnormal behavior is occurring. For telecommunication companies, this can mean the difference between dealing with a threat in the early stages of its attack mission, and clearing up after a major breach has happened, and all the financial, operational and reputational damage that goes with it.

Government & Defense

In this new era of continuously evolving threats, governments and defense companies face the challenge of confronting some of the most serious cyber-attackers. The stakes are high for governments, which rely on the integrity and protection of information for political stability and economic strength, and have a responsibility to citizens and national enterprise to safeguard personal data and intellectual property.

The range of threats is extremely wide, including state-sponsored threats that are looking for political or economic advantage, criminal units with purely financial goals, hacktivists with ideological motivations for wreaking damage and lone individuals. Even the most technologically-advanced governments are struggling to stay ahead of advanced threats, when they don’t know where the next threat is coming from.

Insider threat

Edward Snowden demonstrated to the world that even the most stringently defended organizations in the world are vulnerable to insider threat — malicious intent and some level of technical competence can be very dangerous. The key to this attack was that Snowden was a trusted employee, inside the network and privileged with certain access rights. While good security practices can help restrict these rights and ensure that employees and contractors only have access to what is critical for their jobs, the reality is that organizations must trust their staff – and yet they cannot rely on them to take the right decision, every time.

Indeed, the insider threat does not need to be at the level of an Edward Snowden to do serious damage. Without malicious intent, your own staff can expose you to major vulnerability — they may side-step corporate security policy in order to do a job quicker, or they may be subtly targeted and click on a link that they shouldn't. It is impossible to control many of these incidents, and yet the implications can be very serious.

Darktrace in Government and Defense

Governments are facing up to a new, more dynamic threat landscape, where would-be attackers operate under multiple guises, and change quickly and subtly. Darktrace works with governments and national critical infrastructure providers to analyze information environments on an ongoing basis, implementing an Enterprise Immune System that is capable of detecting subtle changes in behaviour and seeing anomalous activity before it fully materializes as an attack.

Darktrace has a unique heritage in government intelligence — our experts have decades of experience in cyber defense for national security, working in high-risk environments in the US and UK. This unrivalled experience means that Darktrace is uniquely placed to assist governments and defense organizations in protecting their critical assets and support security operation teams, including SOCs, to help empower security analysts. Powered by its self-learning intelligence platform, Darktrace's Threat Visualizer can be used by a range of personnel, from junior to expert security analysts, and helps them investigate cyber incidents at the beginning of the attack lifecycle — while there is still time to act and avoid serious damage.

Contact

Darktrace is a rapidly-expanding company. We have offices across Europe and the U.S., with our headquarters in Cambridge, UK, where the company was founded. Find your nearest office below.

London

80 Pall Mall
London
SW1Y 5ES

Email: [email protected]

Cambridge

Broers Building
21 JJ Thomson Avenue
Cambridge
CB3 0FA

Tel: +44 (0)1223 350653
Email: [email protected]

If you are interested in a career at Darktrace, please visit our Careers page or email us.

Email: [email protected]

If you are interested in becoming a Darktrace partner, please visit our Partners page or email us.

Email: [email protected]

Learn more about Darktrace's unique approach by requesting the Darktrace Technology White Paper.

Media Contacts

Andy Rivett-Carnac
Brunswick Group

Tel: +44 (0)20 7404 5959
Email: [email protected]