Darktrace Enterprise is Darktrace’s flagship AI cyber defense solution. It combines real-time threat detection, network visualization, and advanced investigation capabilities in a single unified system that is fast and easy to install.
Using proprietary machine learning and AI algorithms, Darktrace Enterprise works by passively analyzing raw network traffic to form an evolving understanding of ‘normal’ for every user, device, and subnet in an organization. Without presuming to know in advance what activity is ‘malicious’ or not, Darktrace Enterprise independently learns to detect significant deviations, and immediately alerts the organization to emerging threats – from subtle insiders and low-and-slow attacks, through to automated viruses like ransomware.
Installation of Darktrace Enterprise is extremely fast, typically taking up to one hour for an initial deployment. The technology starts analysis as soon as it is installed, producing results within hours or days. No manual configuration or tuning is required, as the system adapts to new environments, user behaviors or business trends while learning on the job.
Darktrace’s world leadership in the field of artificial intelligence for cyber security makes it the most effective and proven solution to detect unprecedented threats and anomalous cyber incidents. Wherever a threat emerges, Darktrace Enterprise detects it in real time, allowing for swift mitigation and remediation.
- Learns ‘on the job’
- Continuously adapts in light of new evidence
- Catches threats before they do damage
- Real-time and retrospective threat analysis
- Works across on-premises networks, virtualized environments, cloud and SaaS
- Installs in one hour
Darktrace Industrial is a cyber AI defense technology that is specifically developed to detect cyber-threats and latent vulnerabilities in both OT environments, such as SCADA systems, and IT networks. It also provides real-time visibility across both your industrial and enterprise networks, allowing security professionals to gain oversight of all their systems and protect them from cyber-threats as they emerge.
Powered by Darktrace’s core artificial intelligence technology, Darktrace Industrial works by passively monitoring network traffic across OT and IT, automatically modeling the ‘pattern of life’ for every user, device and controller in the system. In doing so, it learns ‘normal’ behaviors and can then identify potential problems or cyber-threats at a very early stage, before they escalate into a crisis or cause material harm.
Crucially, Darktrace Industrial’s self-learning approach means that it can learn ‘normal’ behavior, irrespective of the type of proprietary protocol or industry application. Without manual tuning, bespoke development or special configuration, the technology adapts to the environments and systems that it is installed in, and rapidly produces meaningful results.
Because data ingestion is passive, Darktrace Industrial is easy to deploy and does not disrupt the normal functioning of critical ICS, including industrial plants and machinery.
- Passively learns ‘self’ in real time
- Protocol agnostic due to self-learning approach
- Detects insider threats and external attacks
- 100% visibility
- Provides a unified view across OT, IT, and Industrial IoT
Darktrace Cloud delivers Darktrace’s world-leading cyber-threat detection and real-time visibility to the cloud, and is compatible with all major cloud providers, including AWS, Google Cloud Platform, and Microsoft Azure.
Seamlessly integrating with Darktrace Enterprise, Darktrace Cloud extends visibility into otherwise unseen parts of your network, giving security professionals rich insights and a real-time overview of activity in the cloud. Whether faced with an insider threat, an attacker targeting data in the cloud, or a significant misconfiguration that could be exploited in the future, Darktrace Cloud helps eliminate blind spots and protect your data, wherever it resides.
Darktrace Cloud is fully configurable, allowing organizations to see all or selected cloud traffic without requiring access to the hypervisor and with minimal performance impact. Available for Linux and Windows, Darktrace Cloud is robust and resilient, providing end-to-end coverage across the digital business.
- 100% visibility into your cloud environment
- Removes blind spots and protects against emerging threats
- Fully configurable – you choose what cloud traffic to cover
- Installed via lightweight, non-intrusive sensors
Darktrace SaaS leverages Darktrace’s self-learning technology to detect developing threats and anomalous behavior in SaaS applications, such as Salesforce, Dropbox, and Office 365.
By accessing log information and rich security insights via APIs, Darktrace SaaS spots genuine anomalies and subtle threats, including highly unusual file changes, user logins, and data transfers.
For example, if an employee starts downloading abnormally large volumes of data or transferring unusual file types, Darktrace SaaS would analyze the behavior against a range of weak indicators and determine whether the activity is anomalous and potentially threatening. Darktrace SaaS interacts seamlessly with SaaS applications via HTTPS requests, allowing user interactions to be processed and monitored in real time, whether they originate inside the network or from remote locations.
Darktrace SaaS covers all major SaaS providers, including Salesforce, Box, G Suite, AWS, Dropbox, Egnyte, and Microsoft Office 365.
Powered by Darktrace’s multi-award-winning AI, Darktrace Antigena is an autonomous response solution that takes action against in-progress cyber-threats, limiting damage and stopping their spread in real time.
The technology works like a digital antibody, intelligently generating measured and proportionate responses when a threatening incident arises, without impacting normal business operations. This ability to contain threats using proven AI is a game-changer for security teams, who benefit from the critical time needed to catch up and avoid major damage.
Darktrace Antigena works across your business and is offered in two modules: Antigena Network, which takes action in the network and in the cloud, and Antigena Email, which delivers preemptive protection against email-borne attack campaigns.
Proven to protect
Hundreds of organizations rely on Darktrace Antigena to take targeted, real-time actions in response to significant cyber-threats. By enforcing an organization’s normal ‘pattern of life,’ Darktrace Antigena generates and executes actions to stop in-progress ransomware, insider threats, compliance breaches, malware, and other threats, saving the security team valuable time in triaging and responding to threat alerts.
Get started with Antigena
Darktrace Antigena is customizable and controllable, allowing customers to stay in the driving seat, and transition to a fuller use of AI in their enterprise.
The system can be configured in one of two modes to allow for varying degrees of automation. In ‘Human Confirmation Mode,’ Darktrace Antigena generates responses which must be validated by the security team before action is taken. This allows you to build confidence in Antigena’s decision-making before switching to Active Mode, where the system is fully autonomous.
- Takes surgical action to neutralize emerging threats
- Responds faster than any security team can
- Fully configurable – the scope of its actions can be controlled and adjusted
- Does not disrupt day-to-day activity
Darktrace easily integrates with your existing infrastructure, including SIEM dashboards, SOC environments or any other downstream ticketing and alerting tool. This allows security teams to adopt Darktrace without changing existing business processes and working practices.
Darktrace is compatible with all major SIEMs that support the industry-standard Common Event Format (CEF) and Log Event Extended Format (LEEF). These include providers such as ArcSight, LogRhythm, QRadar and Splunk. Darktrace can also be configured to trigger alerts when the most serious threats are detected.
Darktrace can also support a range of deployment strategies for different Security Operations Center (SOC) environments, from continuous monitoring and alerting, to dedicated threat hunting. Darktrace models define the conditions under which Darktrace will notify an operator of an event. These events are surfaced within the Darktrace Threat Visualizer but may also be issued to external systems or be actively queried via the Darktrace API.
Darktrace’s enterprise-grade API also offers straightforward HTTPS access to all data available within the Darktrace platform. This allows for rapid customized exporting, integration and orchestration of the Darktrace data.