Darktrace Enterprise is Darktrace’s flagship AI cyber defense solution. It combines real-time threat detection, network visualization, and advanced investigation capabilities in a single unified system that is fast and easy to install.
Using proprietary machine learning and AI algorithms, Darktrace Enterprise works by passively analyzing raw network traffic to form an evolving understanding of ‘normal’ for every user, device, and subnet in an organization. Without presuming to know in advance what activity is ‘malicious’ or not, Darktrace Enterprise independently learns to detect significant deviations, and immediately alerts the organization to emerging threats – from subtle insiders and low-and-slow attacks, through to automated viruses like ransomware.
Installation of Darktrace Enterprise is extremely fast, typically taking up to one hour for an initial deployment. The technology immediately starts analysis when installed, producing results within hours and days. No manual configuration or tuning is required, as the system adapts to new environments, user behaviors or business trends, while learning on the job.
Darktrace’s world leadership in the field of artificial intelligence for cyber security makes it the most effective and proven solution to detect unprecedented threats and anomalous cyber incidents. Wherever a threat emerges, Darktrace Enterprise detects it in real time, allowing for swift mitigation and remediation.
Darktrace Industrial is a cyber AI defense technology that is specifically developed to detect cyber-threats and latent vulnerabilities in both OT environments, such as SCADA systems, and IT networks. It also provides real-time visibility across both your industrial and enterprise networks, allowing security professionals to gain oversight of all their systems and protect them from cyber-threats as they emerge.
Powered by Darktrace’s core artificial intelligence technology, Darktrace Industrial works by passively monitoring network traffic across OT and IT, automatically modeling the ‘pattern of life’ for every user, device and controller in the system. In doing so, it learns ‘normal’ behaviors and can then identify potential problems or cyber-threats at a very early stage, before they escalate into a crisis or cause material harm.
Crucially, Darktrace Industrial’s self-learning approach means that it can learn ‘normal’ behavior, irrespective of the type of proprietary protocol or industry application. Without manual tuning, bespoke development or special configuration, the technology adapts to the environments and systems that it is installed in, and rapidly produces meaningful results.
Because data ingestion is passive, Darktrace Industrial is easy to deploy and does not disrupt the normal functioning of critical ICS, including industrial plants and machinery.
Darktrace Cloud delivers Darktrace’s world-leading cyber-threat detection and real-time visibility to the cloud, and is compatible with all major cloud providers, including AWS, Google Cloud Platform, and Microsoft Azure.
Seamlessly integrating with Darktrace Enterprise, Darktrace Cloud extends visibility into otherwise unseen parts of your network, giving security professionals rich insights and a real-time overview of activity in the cloud. Whether faced with an insider threat, an attacker targeting data in the cloud, or a significant misconfiguration that could be exploited in the future, Darktrace Cloud helps eliminate blind spots and protect your data, wherever it resides.
Darktrace Cloud is fully configurable, allowing organizations to see all or selected cloud traffic without requiring access to the hypervisor and with minimal performance impact. Available for Linux and Windows, Darktrace Cloud is robust and resilient, providing end-to-end coverage across the digital business.
Darktrace SaaS leverages Darktrace’s self-learning technology to detect developing threats and anomalous behavior in SaaS applications, such as Salesforce, Dropbox, and Office 365.
By accessing log information and rich security insights via APIs, Darktrace SaaS spots genuine anomalies and subtle threats, including highly unusual file changes, user logins, and data transfers.
For example, if an employee starts downloading abnormally large volumes of data or transferring unusual file types, Darktrace SaaS would analyze the behavior against a range of weak indicators and determine whether the activity is anomalous and potentially threatening. Darktrace SaaS interacts seamlessly with SaaS applications via HTTPS requests, allowing user interactions to be processed and monitored in real time, whether they originate inside the network or from remote locations.
Darktrace SaaS covers all major SaaS providers, including Salesforce, Box, G Suite, AWS, Dropbox, Egnyte, and Microsoft Office 365.
Darktrace Antigena is the world’s first and leading Autonomous Response solution. Powered by award-winning Cyber AI, it responds to cyber-attacks in a matter of seconds – when security teams are overwhelmed or simply aren’t around.
Powered by self-learning AI
- Darktrace understands what’s a threat, and what’s not
- Precise reaction to an attack, without disrupting the organization
Reacts in seconds
- Stops an attack spreading in a matter of seconds
- You choose where it acts, and how
- Mobile App notifies you when Antigena has stepped in
Darktrace easily integrates with your existing infrastructure, including SIEM dashboards, SOC environments or any other downstream ticketing and alerting tool. This allows security teams to adopt Darktrace without changing existing business processes and working practices.
Darktrace is compatible with all major SIEMs that support the industry-standard Common Event Format (CEF) and Log Event Extended Format (LEEF). These include providers such as ArcSight, LogRhythm, QRadar and Splunk. Darktrace can also be configured to trigger alerts when the most serious threats are detected.
Darktrace can also support a range of deployment strategies for different Security Operations Center (SOC) environments, from continuous monitoring and alerting, to dedicated threat hunting. Darktrace models define the conditions under which Darktrace will notify an operator of an event. These events are surfaced within the Darktrace Threat Visualizer but may also be issued to external systems or be actively queried via the Darktrace API.
Darktrace’s enterprise-grade API also offers straightforward HTTPS access to all data available within the Darktrace platform. This allows for rapid customized exporting, integration and orchestration of the Darktrace data.