The Industrial Immune System is a fundamental AI platform for OT cyber defense. The self-learning technology passively learns what ‘normal’ looks like across OT, IT and industrial IoT.
This intelligent understanding allows it to recognize even subtle signals of emerging cyber threats in real time. The technology is protocol agnostic and can be deployed across a range of OT environments, providing full coverage of the organization without disrupting daily operations.
Unified View Across OT, IT, and IoT
Through its intuitive Threat Visualizer interface, Darktrace gives security teams an instant overview of their diverse digital infrastructure, enabling operators to proactively investigate cyber-threats and specific areas of the ICS.
With Darktrace’s self-learning AI, operators can visualize every user, device, and controller in the network and identify novel threats and insiders in real time.
Cyber AI for OT Environments
The Industrial Immune System is uniquely capable of learning ‘normal’ for radically different technologies and deployment types, from decades-old PLCs to distributed sensors and industrial IoT. This allows Darktrace’s self-learning AI to secure the full range of OT-centric environments and organizations:
By monitoring from a central location, and deploying small probe appliances into substations, Darktrace protects entire power grids and utility systems. Regardless of network topology, Darktrace can provide complete visibility of RTUs and remote OT across all substations and compressors. The technology models and compares behavior of control system devices across all sites, detecting threats at the substation level, for both remote and local physical compromise. Several leading energy and utilities industry providers, including the UK’s largest coal power station, Drax, have deployed Darktrace’s Industrial Immune System to protect their OT and IT infrastructure.
The modern factory contains a large degree of interconnectivity between OT and IT systems, as well as new technologies such as robotics and IoT sensors. Darktrace can model and understand all forms of network communication, from ongoing regular PLC traffic, to distributed IIoT sensor grids. ZPower, the leading manufacturer of rechargeable micro-batteries have deployed Darktrace appliances in both the control system and the business network. They are provided with a single point of analysis, allowing security personnel to monitor all network activity from a central location.
Whether upstream, midstream, or downstream, Darktrace can be deployed to protect oil and gas production and transportation. Remote deployments on rigs can include local modeling and analysis, as well as central correlation for security monitoring of all assets. Darktrace appliances can support low-bandwidth and inhospitable environments through the use of ruggedized industrial probes. With Darktrace’s Industrial Immune System, the entire infrastructure is visualized and protected, including Industrial IoT and ICS.
As cities become more digitized, municipal authorities are increasingly responsible for maintaining and protecting a wide range of IoT and OT devices. Whether from the cloud or locally, Darktrace can monitor the communications from edge devices to provide real-time visualization and protection for smart city infrastructure. Darktrace can build behavioral models for all forms of IoT devices — regardless of protocol or vendor — to understand normal behavior of millions of disparate endpoints. At the City of Las Vegas, Darktrace AI has been deployed for real-time threat detection and response across their hybrid cloud and industrial networks.
Darktrace can protect both shore-based port infrastructure and shipping fleets. By using either physical or virtual monitoring of individual ships, entire fleets can be visualized and defended from the mainland. Modern ship networks are often hybrid OT and IT environments, containing a wide range of systems from crew and passenger internet services, to ship automation and navigation systems. Deployed by leading maritime organizations such as Harwich Haven Authority, Darktrace probes can relay telemetry over low-bandwidth satellite uplinks to provide real-time visibility and investigation.