The Industrial Immune System

The Industrial Immune System is a fundamental AI technology for OT cyber defense. It works by passively learning what ‘normal’ looks like across OT, IT and industrial IoT, allowing it to detect even the subtlest signals of emerging cyber-threats in real time.

This self-learning technology is protocol agnostic and can be deployed across a range of OT environments, providing full coverage of the organization without disrupting daily operations.

Darktrace passively learns a ‘pattern of life’ for every user, device and controller.

Enterprises that require a cybersecurity solution for IT, OT, and physical environments will find Darktrace an effective tool for real-time advanced threat detection.
Earl Perkins, Managing VP at Gartner

Unified View Across OT, IT, and IoT

Through its intuitive Threat Visualizer interface, Darktrace gives security teams an instant overview of their diverse digital infrastructure, enabling operators to proactively investigate cyber-threats and specific areas of the ICS.

With Darktrace’s self-learning AI, operators can visualize every user, device, and controller in the network and identify novel threats and insiders in real time.

Screenshot of the industrial user interface displaying threats in a prioritized manner across operational technology and information systems.

Cyber AI for OT Environments

The Industrial Immune System is uniquely capable of learning ‘normal’ for radically different technologies and deployment types, from decades-old PLCs to distributed sensors and industrial IoT. This allows Darktrace’s self-learning AI to secure the full range of OT-centric environments and organizations:

Energy & Utilities

By monitoring from a central location, and deploying small probe appliances into substations, Darktrace protects entire power grids and utility systems. Regardless of network topology, Darktrace can provide complete visibility of RTUs and remote OT across all substations and compressors. The technology models and compares behavior of control system devices across all sites, detecting threats at the substation level, for both remote and local physical compromise. Several leading energy and utilities industry providers, including the UK’s largest coal power station, Drax, have deployed Darktrace’s Industrial Immune System to protect their OT and IT infrastructure.


The modern factory contains a large degree of interconnectivity between OT and IT systems, as well as new technologies such as robotics and IoT sensors. Darktrace can model and understand all forms of network communication, from ongoing regular PLC traffic, to distributed IIoT sensor grids. King’s Hawaiian, world famous for its Hawaiian sweet rolls, has deployed Darktrace appliances in both the control system and the business network. They are provided with a single point of analysis, allowing security personnel to monitor all network activity from a central location.

Oil & Gas

Whether upstream, midstream, or downstream, Darktrace can be deployed to protect oil and gas production and transportation. Remote deployments on rigs can include local modeling and analysis, as well as central correlation for security monitoring of all assets. Darktrace appliances can support low-bandwidth and inhospitable environments through the use of ruggedized industrial probes. With Darktrace’s Industrial Immune System, the entire infrastructure is visualized and protected, including Industrial IoT and ICS.

Smart Cities

As cities become more digitized, municipal authorities are increasingly responsible for maintaining and protecting a wide range of IoT and OT devices. Whether from the cloud or locally, Darktrace can monitor the communications from edge devices to provide real-time visualization and protection for smart city infrastructure. Darktrace can build behavioral models for all forms of IoT devices — regardless of protocol or vendor — to understand normal behavior of millions of disparate endpoints. At the City of Las Vegas, Darktrace AI has been deployed for real-time threat detection and response across their hybrid cloud and industrial networks.


Darktrace can protect both shore-based port infrastructure and shipping fleets. By using either physical or virtual monitoring of individual ships, entire fleets can be visualized and defended from the mainland. Modern ship networks are often hybrid OT and IT environments, containing a wide range of systems from crew and passenger internet services, to ship automation and navigation systems. Deployed by leading maritime organizations such as Harwich Haven Authority, Darktrace probes can relay telemetry over low-bandwidth satellite uplinks to provide real-time visibility and investigation.

Key Benefits

Self-learning: Detects novel threats as they emerge
100% coverage and visibility: Full visualization across OT, IT, IoT, Cloud, SaaS
Identifies all forms of threat: Including malware, operator error, malfunction and insider threat
No fixed baselines: Protocol and technology agnostic

Proven to Protect

Shamoon Virus Detected

In December 2018, Darktrace AI identified Shamoon, a highly destructive malware, in the network of a global energy company. The technology detected both lateral movement and detonation of the payload, designed to wipe thousands of systems and render them inoperable. Darktrace identified the threatening activity in real time and provided numerous suggested actions that could have prevented the attack.

Zero-Day Trojan

An employee at an American manufacturer received a phishing email disguised as a Microsoft product, but Darktrace indicated that it was being downloaded from a rare, unidentified source. Whilst this would have caused immense damage to the manufacturing process, Darktrace identified the threat and alerted the security team, who performed an emergency recompose to remediate the threat within 20 minutes.

Compromised Equipment on the Assembly Line

Several compromised industrial IoT devices on a food manufacturer’s assembly line – including baggers, slicers, and blenders – were infected with malware and attempting to communicate with the attacker. Darktrace AI identified the anomalous behavior as a significant risk, and helped the security team take the compromised devices off the network, protecting the provider’s manufacturing infrastructure from harm.

Suspicious Downloads and Ransomware Infection

At an integrated oil refiner and supplier, Darktrace identified the first signs of a ransomware infection in the company’s network. A device was found to be making a series of connections to rare external destinations via an internal proxy server, and then downloading malicious files. Darktrace alerted the security team to the highly unusual and threatening pattern of behavior before the infection was able to spread into the OT environment.