The Industrial Immune System

The Industrial Immune System is a fundamental AI platform for OT cyber defense. The self-learning technology passively learns what ‘normal’ looks like across OT, IT and industrial IoT.

This intelligent understanding allows it to recognize even subtle signals of emerging cyber threats in real time. The technology is protocol agnostic and can be deployed across a range of OT environments, providing full coverage of the organization without disrupting daily operations.

Key Benefits

Passively learns ‘self’ in real time
100% visibility across IT, OT, and IoT
Detects all forms of threat & vulnerability
Protocol and technology agnostic

"Enterprises that require a cybersecurity solution for IT, OT, and physical environments will find Darktrace an effective tool for real-time advanced threat detection."
Earl Perkins, Managing VP at Gartner

Unified View Across OT, IT, and IoT

Through its intuitive Threat Visualizer interface, Darktrace gives security teams an instant overview of their diverse digital infrastructure, enabling operators to proactively investigate cyber-threats and specific areas of the ICS.

With Darktrace’s self-learning AI, operators can visualize every user, device, and controller in the network and identify novel threats and insiders in real time.

Cyber AI for OT Environments

The Industrial Immune System is uniquely capable of learning ‘normal’ for radically different technologies and deployment types, from decades-old PLCs to distributed sensors and industrial IoT. This allows Darktrace’s self-learning AI to secure the full range of OT-centric environments and organizations:

Energy & Utilities

By monitoring from a central location, and deploying small probe appliances into substations, Darktrace protects entire power grids and utility systems. Regardless of network topology, Darktrace can provide complete visibility of RTUs and remote OT across all substations and compressors. The technology models and compares behavior of control system devices across all sites, detecting threats at the substation level, for both remote and local physical compromise. Several leading energy and utilities industry providers, including the UK’s largest coal power station, Drax, have deployed Darktrace’s Industrial Immune System to protect their OT and IT infrastructure.

Manufacturing

The modern factory contains a large degree of interconnectivity between OT and IT systems, as well as new technologies such as robotics and IoT sensors. Darktrace can model and understand all forms of network communication, from ongoing regular PLC traffic to distributed IIoT sensor grids. ZPower, the leading manufacturer of rechargeable micro-batteries, has deployed Darktrace appliances in both the control system and the business network. This provides a single point of analysis, allowing security personnel to monitor all network activity from a central location.

Oil & Gas

Whether upstream, midstream, or downstream, Darktrace can be deployed to protect oil and gas production and transportation. Remote deployments on rigs can include local modeling and analysis, as well as central correlation for security monitoring of all assets. Darktrace appliances can support low-bandwidth and inhospitable environments through the use of ruggedized industrial probes. With Darktrace’s Industrial Immune System, the entire infrastructure is visualized and protected, including Industrial IoT and ICS.

Smart Cities

As cities become more digitized, municipal authorities are increasingly responsible for maintaining and protecting a wide range of IoT and OT devices. Whether from the cloud or locally, Darktrace can monitor the communications from edge devices to provide real-time visualization and protection for smart city infrastructure. Darktrace can build behavioral models for all forms of IoT devices — regardless of protocol or vendor — to understand normal behavior of millions of disparate endpoints. At the City of Las Vegas, Darktrace AI has been deployed for real-time threat detection and response across their hybrid cloud and industrial networks.

Maritime

Darktrace can protect both shore-based port infrastructure and shipping fleets. By using either physical or virtual monitoring of individual ships, entire fleets can be visualized and defended from the mainland. Modern ship networks are often hybrid OT and IT environments, containing a wide range of systems from crew and passenger internet services, to ship automation and navigation systems. Deployed by leading maritime organizations such as Harwich Haven Authority, Darktrace probes can relay telemetry over low-bandwidth satellite uplinks to provide real-time visibility and investigation.

Proven to Protect

Zero-Day Trojan

An employee at an American manufacturer received a phishing email disguised as a Microsoft product, but Darktrace indicated that it was being downloaded from a rare, unidentified source. Whilst this would have caused immense damage to the manufacturing process, Darktrace identified the threat and alerted the security team, who performed an emergency recompose to remediate the threat within 20 minutes.

Compromised Equipment on the Assembly Line

Several industrial IoT devices on a food manufacturer’s assembly line – including baggers, slicers, and blenders – were infected with malware and attempting to communicate with the attacker. Darktrace AI identified the anomalous behavior as a significant risk, and helped the security team take the compromised devices off the network, protecting the provider’s manufacturing infrastructure from harm.

Malware Found in IoT Device

At a private medical institution, Darktrace’s Enterprise Immune System immediately discovered that a medical IoT device used for x-rays had performed hundreds of anomalous activities, many of a potentially serious nature. Further analysis revealed several other security concerns impacting the device, such as likely crypto-mining malware. Darktrace enabled the company to rapidly isolate the device and then conduct a thorough investigation.

Suspicious Downloads and Ransomware Infection

At an integrated oil refiner and supplier, Darktrace identified the first signs of a ransomware infection in the company’s network. A device was found to be making a series of connections to rare external destinations via an internal proxy server, and then downloading malicious files. Darktrace alerted the security team to the highly unusual and threatening pattern of behavior before the infection was able to spread into the OT environment.