Technology
Products
Resources
Company
English
Technology
Products
Blog
Resources
Company

Darktrace Version 5: Redefining enterprise security with autonomous AI

Dave Palmer, Chief Product Officer

Today’s workforce is more dispersed and mobile than ever before, with critical operations increasingly residing in a diverse patchwork of cloud services and endpoints. This architectural shift has been met by attacks that have scaled up to capitalize on insufficiently protected data and devices, emphasizing the need for enterprise security to be adaptive, autonomous, and ubiquitous.

Increasing demands placed on the SOC have stretched security teams to breaking point, and CISOs now progressively seek to streamline workflows by favoring self-learning enterprise-wide security platforms over disparate and siloed point solutions with limited visibility.

Version 5 offers a series of innovations across Darktrace’s Immune System platform, bringing critical value to security teams grappling with the new normal. This free upgrade for existing customers allows for on-demand automated investigations, supports one-click integrations with a wide range of technologies, and showcases an improved Model Editor that allows security teams to tailor Darktrace even further to their specific business risks.

Darktrace’s Immune System has been enhanced in three critical areas: in the augmentation of its core AI capabilities, in extended coverage to SaaS applications and zero-trust environments, and an open architecture which streamlines workflows across the cyber security stack.

AI augmentation

Last year saw the introduction of new technologies, services, data flows, and topologies. Static rules and signature-based defenses were unable to adapt to changing users and working practices, no matter how diligently and rapidly they were rewritten. We have seen an urgent need for augmentation, and to that end Version 5 enhances Darktrace’s self-learning capabilities across two core areas of the platform: Autonomous Response and AI Investigation.

By containing machine-speed threats like ransomware in seconds, Autonomous Response enables security teams to prioritize strategic work even as the volume and speed of attacks continues to rise. Darktrace Antigena can either take self-directed action or integrate with existing investments, informing third-party systems about in-progress cyber-attacks.

With Version 5, Antigena can now neutralize attacks in a wide variety of SaaS services like Zoom and Microsoft Teams, as well as cloud file storage applications like SharePoint and OneDrive. In cases of account takeover, Antigena can autonomously respond, protecting sensitive data in the cloud without any human intervention.

Cyber AI Analyst also now automates investigations beyond network events to SaaS applications, cloud infrastructure, and cyber-physical systems. Version 5 enables on-demand investigations into users and devices of interest, the ingestion of third-party alerts to trigger new investigations, and seamless integration with any SIEM, SOAR, or downstream ticketing system.

Customers have already found that the new capabilities in Cyber AI Analyst have added substantial value, especially in the ability to launch on-demand investigations and query SaaS data at any time.

Dynamic workforce protection

In addition to the extension of AI-enabled investigations and response, Darktrace Version 5 complements native cloud and SaaS defenses with a range of critical enhancements, including a dedicated SaaS Console, and integrations with Zoom, Okta, Microsoft Teams, Slack, Duo, and more. Equally, new ingestion capabilities for zero-trust technologies enable Darktrace to protect employees wherever they operate.

Figure 1: Dedicated SaaS Console

Customers can also now choose to purchase Client Sensors that extend the Immune System’s visibility of the dynamic workforce on and off the VPN. With Client Sensors, organizations can take Darktrace’s existing real-time analysis and tie it in with risky or malicious behavior that may be occurring off the VPN.

Antigena Email, the world’s first self-learning email security solution, has also been enhanced with Version 5. Not only does the technology detect the subtle deviations in threatening emails that other tools miss, but with text-based summarization, the story behind every email is automatically generated in plain English so that even a non-technical reader can fully understand why specific actions were taken.

Open architecture and interoperability

Flexibility and the ability to integrate with existing enterprise security investments lie at the core of the Darktrace Immune System, and Version 5 extends its open and extensible architecture to seamlessly integrate with your existing investments. New functionality enables customers to enhance and extend their Darktrace deployment via one-click integrations. This includes the ability to immediately extend coverage to new cloud services, and enrich the platform’s analysis with new sources of log ingestion.

Version 5 also sees the introduction of bespoke new interfaces that cover the different areas of the digital infrastructure – from the aforementioned SaaS Console to a specialized OT Engineer View. These inclusions represent an overarching design principle of unification, and the interfaces are harmonized accordingly to facilitate seamless investigations and simplified workflows.

Figure 2: An autonomous investigation into anomalous cloud activity

Our customers are increasingly using the Immune System protect their business across email, SaaS, and industrial systems as well as the corporate network, and Version 5 makes it easier than ever to defend these environments.

Version 5 not only expands the Darktrace Immune System to new areas of the business, but also ensures that this expansion delivers a seamless experience for customers, regardless of where they start their journey with the platform. Delivery and expansion are entirely flexible, with the option of 100% cloud-delivered deployments, or hybrid deployments that cover on-premise and cloud environments.

Enterprise security: Innovating through times of change

As organizations accelerate digital transformation and prepare for the future of work, the ability to quickly adapt and integrate their security defenses will be more critical than ever. And with the new AI augmentation and extended coverage of Darktrace’s core self-learning technology, Version 5 ensures that customers can detect, contain, and investigate threats wherever they arise, without placing any additional burden on security teams.

Find out more about Darktrace Version 5

Dave Palmer

Dave is the Chief Product Officer at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over 13 years’ experience at the forefront of government intelligence operations, Dave has worked across UK intelligence agencies GCHQ and MI5, where he was responsible for delivering mission-critical infrastructure services, including replacing and securing entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He acts as an advisor to cyber security start-ups and growth-stage companies from the UK Government’s Cyber Security Accelerator and CyLon. His insights on AI and the future of cyber security are also regularly featured in the UK media. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.