What’s New

Adding Cybersprint Attack Surface Management to Darktrace’s expanding product suite

Max Heinemeyer, Director of Threat Hunting | Wednesday February 23, 2022

Today Darktrace announced the acquisition of best-in-class Attack Surface Management (ASM) company Cybersprint. This is hugely exciting for both our companies, our customers and the wider security industry.

After months of meeting with the Cybersprint teams, diving into their technology and shared opportunities, we are truly excited for the way ahead. Cybersprint is a fantastic fit for Darktrace because of their technology, their people and their data. I want to go into those three reasons in a little more detail.

The Technology

We have tested Cybersprint’s technology intensely ourselves and have seen first-hand great benefits in the short, medium and long-term for our customers.

There are three technical requirements to ensure it met Darktrace’s architectural needs:

  1. Unique to each customer; delivering a bespoke perspective of the attack surface of a given organisation by starting just with a brand or domain. No access to sensitive customer data is required. No installation or integration is required to get started.
  2. The analysis of data had to be real-time and continuous. This is critically important for Darktrace’s Continuous Cyber AI Loop. We always operate on real-time data that is continuously updated as things change; so does Cybersprint.
  3. Built-in automation and integration. Cybersprint automates everything possible in Attack Surface Management and integrates with every external data source.

We have already identified several high-impact integration opportunities where Cybersprint and its external data can be additive to Darktrace’s self-learning, internal data; applying this to each area of the Loop.

The People

Thinking about people, Cybersprint has a well-functioning technical team that we welcome with open arms here at Darktrace, to help accelerate our Prevent vision and create something better together.

When we first started meeting with the Cybersprint teams, we immediately noticed that this is a meeting of minds. We both share a vision for cyber security – using smart tech to move the needle in favour of defenders. We both believe that cyber security is not a human-scale problem – this won’t be solved by throwing more humans in the mix. 

Their world-class teams of researchers, ethical hackers and developers are a great addition to our own R&D capabilities in Cambridge, who have a heavy focus on AI. We share many common values across both organizations – such as friends & family first. It is great to have another European research hub that is only a short train-ride or flight away from our Cambridge R&D HQ. It’s important to note that the vast majority of Cybersprint employees are deep technologists.

The Data

Lastly, touching on data, Cybersprint has unparalleled access to attack surface data – basically an up-to-date, continuous copy of the internet. Having access to this data and being able to intelligently analyse it is a huge benefit in itself. 

At Darktrace, we already have complete visibility over the internal data of our customers – their email environment, SaaS data, operational technology, IoT, network, zero-trust and other coverage areas – but being able to combine those data sets and deriving insights from them will further drive breakthrough innovations.

Delivering on a shared vision

To understand why we are so excited about Cybersprint and see it as a great fit, one has to be aware of our technology vision of a closed loop system:

Darktrace is already well-known for its offering in the Detect (Enterprise Immune System), Investigate (Cyber AI Analyst) and Respond (Antigena) areas. As we work towards further augmenting security teams in other areas, we are starting to productize technology that makes it more costly and harder for attackers to succeed – we refer to this area broadly as ‘Prevent’.

Prevent is all about being proactive, hardening your environment and reducing risk. The core technology for Prevent is Attack Path Modeling – feeding Attack Path Modeling with various telemetry and working out the most critical attack paths and chokepoints to remediate.

Darktrace already has complete coverage of an organization’s digital estate from an internal perspective, thanks to our various coverage areas. Our Attack Path Modeling is currently producing powerful results based on an organization’s internal data only – but by adding Cybersprint’s attack surface data and external asset information, we will have complete visibility, internal and external, and bespoke to each individual organization.

While the ASM data in itself is valuable to harden the external attack surface, feeding it into our Attack Path Modeling engine will unlock further capabilities. It allows us to model bespoke, multi-domain, end-to-end attack paths in real time.

Stay tuned

This is the beginning of an exciting journey for both Cybersprint and Darktrace. We look forward to updating you again on the evolution of our upcoming Prevent offering.

In the meantime, feel free to send any questions relating to Cybersprint to

Max Heinemeyer

Max is a cyber security expert with over a decade of experience in the field, specializing in a wide range of areas such as Penetration Testing, Red-Teaming, SIEM and SOC consulting and hunting Advanced Persistent Threat (APT) groups. At Darktrace, Max oversees global threat hunting efforts, working with strategic customers to investigate and respond to cyber-threats. He works closely with the R&D team at Darktrace’s Cambridge UK headquarters, leading research into new AI innovations and their various defensive and offensive applications. Max’s insights are regularly featured in international media outlets such as the BBC, Forbes and WIRED. When living in Germany, he was an active member of the Chaos Computer Club. Max holds an MSc from the University of Duisburg-Essen and a BSc from the Cooperative State University Stuttgart in International Business Information Systems.