What’s New

When attackers strike, Autonomous Response
fights back on your behalf

Fast-moving cyber-attacks like ransomware can strike at any time, and security teams are often unable to react quickly enough. Autonomous Response uses Darktrace’s understanding of ‘self’ to take targeted action to stop in-progress attacks, without disrupting your business.

Responds with surgical precision

Powered by Self-Learning AI, Autonomous Response knows exactly the right action to take, at the right time, to contain an in-progress attack. The actions are precisely calibrated to ensure that the intervention is minimal, avoiding any disruption.

Protects the entire digital estate

Regardless of time or day, or where the attack comes in — through cloud, SaaS, email, or the corporate network — the AI takes precise action to neutralize threats on behalf of security teams.

Buys back time and frees up humans

Autonomous Response gives security teams peace of mind. The AI intervenes in escalating cyber incidents in seconds, and allows your people to focus on higher-value tasks.

Builds cyber resilience over time

When a cyber-threat emerges, Autonomous Response enforces the ‘pattern of life’ of the infected device or entity. Because Self-Learning AI continually enhances its understanding of your digital infrastructure, it constantly improves the precision of its response over time.

“Autonomous Response technology combats the most sophisticated ransomware attacks out there and allows us to continue normal business operations uninterrupted.”
CSO, Sunlife

Contains ransomware at every stage

At the email layer, Darktrace can lock malicious links, convert or strip attachments, or hold emails back. It takes the least aggressive action necessary to contain the threat, without disrupting the business.
Establish foothold and beaconing (C2)
As the attacker attempts remote control, Darktrace detects anomalous connections and suspicious file downloads, enforcing the device’s ‘pattern of life’ or blocking specific connections — even if domains, file hashes and IP addresses have never been seen before.
Lateral movement
Darktrace stops lateral movement – even if the attacker uses ‘living off the land’ techniques – by detecting chains of subtle anomalies which may include unusual SMB/RDP sessions and network scans. It blocks anomalous connections, meaning the attack goes no further.
Data exfiltration
With double extortion ransomware on the rise, Autonomous Response stops attackers from exfiltrating sensitive data data by blocking unusual data transfers that fall outside a device’s ‘pattern of life’.
Data encryption
Autonomous Response stops encryption without impacting normal business operations with action that can be taken independently or via integrations with native security controls.

By understanding how your organization behaves, Autonomous Response stops ransomware at every stage and prevents cyber disruption.

Darktrace Antigena

Autonomous Response is the underlying technology that powers Darktrace Antigena – a product family that takes targeted action to contain cyber-threats wherever they strike – across cloud infrastructure and applications, email systems, endpoints, and the corporate network.

Discover the product