Darktrace Antigena

Powered by Self-Learning AI, Darktrace Antigena takes targeted, proportionate actions in response to cyber-attacks, without disrupting day-to-day business.

Interrupts emerging attacks by enforcing ‘normal’

Constantly updates its understanding of your organization’s ‘pattern of life’

Stops ransomware in under a second

Attacks are interrupted at multiple stages of the attack lifecycle

Targeted and proportionate

Takes precise action to contain the threat, without disrupting normal operations

You can’t predict what the next attack will look like

The hallmarks of an attack are constantly changing. Pre-programmed response tools rely on knowledge of past attacks to stop new threats – meaning they are blind to novel malware and new attack techniques.

Leveraging Darktrace’s dynamic understanding of ‘self’ across an organization, Autonomous Response takes appropriate actions that stop new and sophisticated threats from developing, without disrupting normal business operations.

Why Autonomous Response has become critical

  • Attacks are getting faster: ‘Smash and grab’ tactics are rising again
  • Deliberate ‘out of hours’ strikes: Threat actors attack at weekends, when they know human response times are slower
  • Disruption is not an option: Stopping cyber-threats cannot come at the expense of normal operations
  • Overstretched security teams: Incidents are not discovered until it is too late

Takes the least aggressive action needed

Its evolving, real-time knowledge of your digital estate enables Darktrace Antigena to target only the malicious behavior, allowing normal activity to continue. As time goes on, it continues to monitor the incident in case the attacker changes tactics and further intervention is needed.

Build trust in the AI

Antigena can be configured to suit your security maturity and business needs. As the AI becomes familiar with the digital environment and the user builds trust in the decision-making, many operators switch from Human Confirmation to full Autonomous Mode within weeks.

Stops attacks at every stage

Cyber-attacks like ransomware have multiple stages – and Antigena intervenes at every step: from initial intrusion (via email phishing or a malicious software download) to lateral movement, data exfiltration and encryption.

Actions that Antigena can take include:

  • Blocking unusual connections
  • Locking links and attachments in email
  • Forcing SaaS account logouts across multiple devices
  • Enforcing the ‘pattern of life’ of a device
  • Quarantining endpoint devices where necessary

Darktrace Antigena operates across your entire digital estate

Neutralizes the full range of cyber-threats that have breached your perimeter, including ransomware and ‘unknown unknowns’.
Neutralizes fast-moving threats in AWS, Microsoft Azure, and other cloud infrastructure.
Takes autonomous, targeted action to neutralize advanced phishing and spoofing, including supply chain attacks.
Responds to account takeovers and data loss in cloud applications like SharePoint and Microsoft Teams.
Protects employees wherever they are in the world, taking action to contain threats targeting endpoints operating outside of the network and VPN.
Antigena can stop attacks that may go on to disrupt cyber-physical operations by intervening at the higher levels of the Purdue model, where desired.

Stay in the loop with the Mobile App

Full oversight of Antigena’s actions is provided through Darktrace’s Threat Visualizer interface, and via the Darktrace Mobile App.