Darktrace Enterprise

Detects and classifies cyber-threats across your entire enterprise

Darktrace Enterprise is Darktrace’s flagship AI cyber defense solution. It combines real-time threat detection, network visualization, and advanced investigation capabilities in a single unified system that is fast and easy to install.

Using proprietary machine learning and AI algorithms, Darktrace Enterprise works by passively analyzing raw network traffic to form an evolving understanding of ‘normal’ for every user, device, and subnet in an organization. Without presuming to know in advance what activity is ‘malicious’ or not, Darktrace Enterprise independently learns to detect significant deviations, and immediately alerts the organization to emerging threats – from subtle insiders and low-and-slow attacks, through to automated viruses like ransomware.

Installation of Darktrace Enterprise is extremely fast, typically taking up to one hour for an initial deployment. The technology immediately starts analysis when installed, producing results within hours and days. No manual configuration or tuning is required, as the system adapts to new environments, user behaviors or business trends, while learning on the job.

Darktrace’s world leadership in the field of artificial intelligence for cyber security makes it the most effective and proven solution to detect unprecedented threats and anomalous cyber incidents. Wherever a threat emerges, Darktrace Enterprise detects it in real time, allowing for swift mitigation and remediation.

Key Benefits

Catches novel threats before they do damage
Learns ‘on the job’ and continuously adapts in light of new evidence
Complete visibility across your digital infrastructure
Installs in one hour, no manual tuning required

“Darktrace is a market leader that provides a strong example of leveraging artificial intelligence.”
Ovum

“With a new threat to face every day, traditional tools designed to spot known threats are no longer sufficient.”
Scott Clark, Associated VP of IT & Information Security, Inphi

Darktrace Industrial

100% visibility and real-time threat detection for industrial networks

Darktrace Industrial is a cyber AI defense technology that is specifically developed to detect cyber-threats and latent vulnerabilities in both OT environments, such as SCADA systems, and IT networks. It also provides real-time visibility across both your industrial and enterprise networks, allowing security professionals to gain oversight of all their systems and protect them from cyber-threats as they emerge.

Powered by Darktrace’s core artificial intelligence technology, Darktrace Industrial works by passively monitoring network traffic across OT and IT, automatically modeling the ‘pattern of life’ for every user, device and controller in the system. In doing so, it learns ‘normal’ behaviors and can then identify potential problems or cyber-threats at a very early stage, before they escalate into a crisis or cause material harm.

Crucially, Darktrace Industrial’s self-learning approach means that it can learn ‘normal’ behavior, irrespective of the type of proprietary protocol or industry application. Without manual tuning, bespoke development or special configuration, the technology adapts to the environments and systems that it is installed in, and rapidly produces meaningful results.

Because data ingestion is passive, Darktrace Industrial is easy to deploy, and does not disrupt normal functioning of critical ICS, including industrial plants and machinery.

Key Benefits

Passively learns ‘self’ in real time
Detects all forms of threat and vulnerability
Provides a unified view across OT, IT, and IIoT
Protocol and technology agnostic

“Darktrace identified threats with the potential to disrupt our networks. It helps us stay ahead of emergent threats and better defend our key systems.”
Martin Sloan, Group Head of Security, Drax

“Darktrace Industrial’s combination of genuine AI and unprecedented visibility heralds a new future for proactively defending OT environments.”
Michael Sherwood, Director of Technology and Innovation, City of Las Vegas

Find out more at www.darktraceindustrial.com

‘Immune System’ Cyber Security for SCADA Systems

by Simon Fellows, Technical Director, Darktrace

This Engineering and Technology Reference report provides detailed technical insight into how Darktrace works across operational technology environments and in SCADA systems.


Darktrace Cloud

Self-learning cyber AI in the cloud

Darktrace Cloud delivers Darktrace’s world-leading cyber-threat detection and real-time visibility to the cloud, and is compatible with all major cloud providers, including AWS, Google Cloud Platform, and Microsoft Azure.

Seamlessly integrating with Darktrace Enterprise, Darktrace Cloud extends visibility into otherwise unseen parts of your network, giving security professionals rich insights and a real-time overview of activity in the cloud. Whether faced with an insider threat, an attacker targeting data in the cloud, or a significant misconfiguration that could be exploited in the future, Darktrace Cloud helps eliminate blind spots and protect your data, wherever it resides.

Darktrace Cloud is fully configurable, allowing organizations to see all or selected cloud traffic without requiring access to the hypervisor and with minimal performance impact. Available for Linux and Windows, Darktrace Cloud is robust and resilient, providing end-to-end coverage across the digital business.

Key Benefits

Detects threats in the cloud at an early stage
100% visibility into your cloud environment
Unified view across your cloud and on-premise network
Installed via lightweight, non-intrusive sensors

“When we activated Darktrace Cloud, it was like flipping on a switch in a dark room.”
Damien Marle, Director of IT, TRJ Telecom

Darktrace SaaS

Extends self-learning cyber AI to SaaS

Darktrace SaaS leverages Darktrace’s self-learning technology to detect developing threats and anomalous behavior in SaaS applications, such as Salesforce, Dropbox, and Office 365.

By accessing log information and rich security insights via APIs, Darktrace SaaS spots genuine anomalies and subtle threats, including highly unusual file changes, user logins, and data transfers.

For example, if an employee starts downloading abnormally large volumes of data or transferring unusual file types, Darktrace SaaS would analyze the behavior against a range of weak indicators and determine whether the activity is anomalous and potentially threatening. Darktrace SaaS interacts seamlessly with SaaS applications via HTTPS requests, allowing user interactions to be processed and monitored in real time, whether they originate inside the network or from remote locations.

Darktrace SaaS covers all major SaaS providers, including Salesforce, Box, G Suite, AWS, Dropbox, Egnyte, and Microsoft Office 365.

“Darktrace software flags malicious behavior that deviates from the norm within cloud-integrated networks.”
Forrester

Key Benefits

Spots emerging threats in SaaS applications
Unified view across SaaS and the enterprise
Allows for secure remote working
SaaS Connectors are installed in minutes

Darktrace Antigena

Autonomous response to in-progress cyber-threats

Darktrace Antigena is the world’s first and leading Autonomous Response solution. Powered by award-winning Cyber AI, it responds to cyber-attacks in a matter of seconds – when security teams are overwhelmed or simply aren’t around.

Powered by self-learning AI

  • Darktrace understands what’s a threat, and what’s not

Surgical response

  • Precise reaction to an attack, without disrupting the organization

Reacts in seconds

  • Stops an attack spreading in a matter of seconds

Customizable

  • You choose where it acts, and how

Full oversight

  • Mobile App notifies you when Antigena has stepped in

“Darktrace Antigena acts faster than any security practitioner could to prevent damage from attacks such as ransomware.”
Eric Ogren, Senior Security Analyst, 451 Research

Output Connectors

Integrating Darktrace into your existing infrastructure

Darktrace easily integrates with your existing infrastructure, including SIEM dashboards, SOC environments or any other downstream ticketing and alerting tool. This allows security teams to adopt Darktrace without changing existing business processes and working practices.

Darktrace is compatible with all major SIEMs that support the industry-standard Common Event Format (CEF) and Log Event Extended Format (LEEF). These include providers such as ArcSight, LogRhythm, QRadar and Splunk. Darktrace can also be configured to trigger alerts when the most serious threats are detected.

Darktrace can also support a range of deployment strategies for different Security Operations Center (SOC) environments, from continuous monitoring and alerting, to dedicated threat hunting. Darktrace models define the conditions under which Darktrace will notify an operator of an event. These events are surfaced within the Darktrace Threat Visualizer but may also be issued to external systems or be actively queried via the Darktrace API.

Darktrace’s enterprise-grade API also offers straightforward HTTPS access to all data available within the Darktrace platform. This allows for rapid customized exporting, integration and orchestration of the Darktrace data.