Stop supply chain attacks before they spread

Defend the supply chain with improved visibility across third-party activity and detection, investigation, and response to novel threats

10,000
Darktrace customers

‘Supply chain attacks’ take many forms

Vendor email compromise

Attackers impersonate suppliers, compromising emails to manipulate transactions and sensitive communications

Software vulnerability

Attackers compromise open-source or third-party software, injecting malware or inserting malicious code into updates

Physical systems threats

Cyber-criminals exploit vulnerabilities in Industrial Control Systems to introduce defects or sabotage production

Nation-state & APTs

Nation-state actors infiltrate government or corporate suppliers to steal intellectual property or classified data

The severity of supply chain attacks

$4.81m

is the average cost of an attack using compromised credentials

292 days

average time to identify and contain attacks using stolen or compromised credentials

+1300%

in malicious threats circulating on open-source repositories

48%

of corporate networks globally were scanned for the Log4j vulnerability upon disclosure

Accelerate your investigations

10x

Darktrace's Cyber AI Analyst finds connections between isolated events and surfaces full security incidents, prioritized and contextualized. It has saved security teams the equivalent of up to 50,000 hours of investigation time per year.

Cover the full spectrum of attack vectors in your supply chain

Darktrace takes targeted actions at every stage of a supply chain attack, correlating thousands of data points at machine speed to detect, contextualize, and mitigate threats in real time, from compromised vendor email accounts to critical vulnerabilities in third-party software

Detect anomalous behavior

Detect threats earlier, including signs of unusual scanning, SMB writes, and credential misuse, stopping attacks before encryption occurs

Stop lateral movement

Most threats start in the inbox. Darktrace detects and stops phishing from compromised vendor accounts with AI-driven response

Investigate custom & third-party triggers

Export rich incident context to enhance existing workflows in SIEM, SOAR, or ticketing systems

Contain threats at the earliest stage

Have visibility over your entire network, giving you unprecedented context into known and unknown devices and detecting the smallest deviations in network activity to identify threats

Analyze behavior across trusted relationships

Flag anomalies in how vendors, contractors, and third-party services interact with internal systems to identify threatening or malicious behavior

Threat story: Supply chain attack

How Darktrace detected a software supply chain attack at every stage of compromise


Explore Darktrace's detection of a sophisticated supply chain attack and how AI-driven solutions would stop this threat at every stage of the kill chain

Initial compromise

The attackers compromised trading software, allowing them to distribute trojanized installers that appeared legitimate. Darktrace flagged anomalous patterns of unusual behavior tied to these installations, helping identify and isolate affected devices.

Gaining access

An employee unknowingly installed the trojanized X_TRADER software, enabling the attackers to steal credentials and access 3CX systems. Darktrace revealed how the malware used DLL sideloading techniques, allowing it to evade traditional endpoint security.

Execution

The attackers trojanized the 3CXDesktopApp installer, embedding malware into legitimate software updates. While traditional tools let this pass because the software was signed and trusted, Darktrace identified abnormal patterns in software distribution and endpoint activity, autonomously restricting suspicious downloads and isolating the affected endpoints.

Lateral movement and C2 communication

Attackers deployed multiple malware families to move laterally within 3CX’s network, using encrypted C2 channels to evade detection. Darktrace found unusual SMB drive writes and self-signed SSL connections, indicating lateral movement and C2. It autonomously blocked connections to known malicious domains and restricted abnormal file transfers.

Customer story

How we protected Bank One from a supply chain attack

Darktrace / EMAIL proved its value after it stopped a supply chain attack that targeted Bank One, in which a trusted partner's account was taken over and emails were sent to Bank One disguised as legitimate RFPs but containing malicious links. Darktrace recognized these emails were unusual in the context of prior correspondence and locked the links, effectively containing the attack.

13 days

Darktrace / EMAIL stops threats an average of 13 days earlier than traditional tools

58%

Darktrace / EMAIL catches the 58% of threats missed by traditional tools

10,000 hrs

Cyber AI Analyst saves the equivalent of 30 full-time L2 SOC analysts per month

Get ahead of the attack

Get proactive about supply chain risk – prioritize by true cyber risk and harden defenses ahead of time

Strategic CVE management

See your most immediate vulnerability risks – not just in the context of common industry scoring but in relation to data from each of your environments

Reduce phishing risks

See your most at-risk users

Discover your riskiest users and assets based on liability, access, and exposure, and then shore up defenses around them

Go beyond simple patch lists

Get prioritized mitigation steps paired with their potential risk outcomes, making it easier to take proactive steps toward greater resilience

Over 267 reviews on Gartner Peer Insights

4.8 on Gartner Peer Insights

“Darktrace outperformed by far – it was better bar none. It was phenomenal at addressing our inbound email challenge.”
John Eccleshare
Head of Information Security | Bet365

“The platform's AI-driven approach ensures that even the most subtle anomalies are identified quickly, allowing for immediate action.”
IT Security & Risk Management Associate
Insurance (except health)

“Best tech in the business for identifying anomalous behavior on one's network. From demo to POV to deployment, Darktrace provides the best experience and protection.”
Business Development Associate
IT Services

"Truly groundbreaking on detection and response to protect our users from malicious attacks."
IT Administrator
Construction

“An exceptional threat hunting product and has backed up the product with excellent implementation and ongoing support.”
Director of IT
Energy and Utilities

Recommended resources

Learn more about supply chain attacks

Attackers are evading traditional security measures, leveraging AI-driven techniques to bypass conventional rules and signatures. Learn how Darktrace responds to threats infiltrating through the supply chain

White paper

Four top supply chain risks

This white paper highlights recent trends, security challenges, and how smarter use of AI gives security experts an advantage for detecting, responding to, and preventing supply chain attacks.

Customer story

Protecting McLaren

Faced with increasingly sophisticated threats, McLaren chose Darktrace AI to detect novel email attacks in real time, without relying on signatures or pre-defined rules.

Blog

Exploiting browser extensions

In late 2024, Darktrace detected unusual activity linked to Cyberhaven's Chrome browser extension, affecting 2.6 million users. See what activity Darktrace found that pointed to the compromise.

See Darktrace in action

Protect your organization from supply chain attacks. See what Darktrace’s AI can find in your environment

Supply chain attacks

Frequently asked questions

Is email security essential to supply chain attack prevention?

Yes, email security is critical to effective supply chain attack prevention. Because email is the primary communication channel for most businesses, it is a top target for cyber-attacks that exploit trusted relationships with suppliers, vendors, and customers. If a supplier’s email account is compromised, attackers can send phishing emails, fake invoices, or malware from what appear to be legitimate sources.

Because they come from legitimate accounts, phishing attacks from third-party vendors often bypass traditional email gateways and filters. To stop this, organizations need advanced supply chain attack email protection that goes beyond static rules and signatures. Darktrace / EMAIL uses AI to identify subtle anomalies in communication patterns, tone, and content. This helps stop malicious messages while allowing legitimate business communications to continue.

How does Darktrace detect supply chain attacks targeting third-party vendors or partners?  

Darktrace detects supply chain threats by analyzing behavior across an organization's email, cloud, and network environments, even when the activity appears to come from trusted partners. For example, in Vendor Email Compromise (VEC) cases, a partner’s legitimate email account may be hijacked to send malicious messages. Darktrace uses AI to learn the normal behavior of every internal and external user. It identifies anomalies in language, timing, access patterns, and file types to uncover supply chain threats before damage occurs. This makes it a powerful solution for supply chain attack prevention.

How does Darktrace protect against compromised software updates or malicious code injection?  

Darktrace protects against compromised software updates and malicious code injection by focusing on anomaly detection and behavioral analysis, rather than relying on static signatures or lists of known threats. This approach enables Darktrace to spot unusual activity even when it appears legitimate on the surface.

For example, in the case of the Cyberhaven Chrome extension compromise, traditional tools may have missed the threat because the activity seemed benign. But Darktrace’s AI detected subtle behavioral changes at the device, browser, and network levels, flagging the incident as suspicious. This illustrates how modern supply chain attacks don’t just target software vendors; they now exploit browser extensions, cloud-based apps, and even SaaS services to infiltrate environments.

Darktrace also identified Balada Injector malware exploiting WordPress vulnerabilities, showing its ability to detect malicious code injections in web-based platforms and content management systems.

By continuously learning what’s normal for each environment, Darktrace can detect and respond to malicious updates, injected code, and other evolving threats, whether they originate from trusted vendors, cloud apps, or browser extensions.

What role does Darktrace play in monitoring API and third-party system integrations for threats?  

Darktrace monitors API usage and third-party system integrations by analyzing data from connected platforms and services. It integrates with hundreds of third-party tools such as firewalls, EDR, SIEM, SOAR, and vendor risk platforms. This enables Darktrace to provide unified visibility and context around third-party activity, helping organizations detect supply chain threats that may emerge through integrated systems.

Can Darktrace detect threats introduced through managed service providers (MSPs) or external IT support?  

Yes, Darktrace can detect threats introduced through MSPs or external IT support by continuously analyzing behavior across your digital environment, including cloud services, email, endpoints, and network traffic. Supply chain threats often emerge from legitimate but compromised third-party access, making them difficult to detect with traditional rule-based tools. Darktrace’s Self-Learning AI understands what ‘normal’ looks like for each user, device, and service account, enabling it to spot subtle deviations that may indicate abuse of privileged access or lateral movement originating from a trusted partner.

This behavior-based detection is essential to modern supply chain attack prevention, where trust alone is no longer enough.

How does Darktrace monitor third-party communications and reduce false positives when detecting supplier-related threats?

Darktrace monitors third-party communications by building an understanding of normal interactions with each supplier. This includes typical email behavior, file sharing patterns, and remote access activity. By learning what is expected for each supplier, user, and device, Darktrace can detect even minor changes that suggest compromise or abnormal behavior.

Because it uses AI to focus on behavior rather than static rules or threat feeds, Darktrace greatly reduces false positives. For example, it can detect if a supplier suddenly sends unexpected file types or accesses sensitive data they usually do not interact with. This makes supply chain attack prevention more accurate and less noisy for security teams.
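As an added illustration of the baseline-and-deviation idea that both the threat story above (unusual SMB drive writes and self-signed SSL connections as signs of lateral movement and C2) and this answer (a supplier suddenly sending unexpected file types) describe, here is a small Python detector. It is not Darktrace's code or algorithm; it learns, per device or external sender, what a quiet window looked like and then reports departures from it in a later window. The entity names, hostnames, addresses and log events are constructed placeholders.

```python
"""Per-entity baseline anomaly detection over constructed event logs.

Added illustration, not Darktrace's code or algorithm. A baseline is learned
per entity (device or external sender) from a quiet window; a later window is
then scored for the indicators named on the page: self-signed TLS to a new
destination, SMB writes to a new host, an SMB write burst, and an attachment
type never seen from a supplier.
"""
from collections import Counter, defaultdict

# Constructed baseline window (learning period). All names are invented.
BASELINE_EVENTS = (
    [{"entity": "workstation-12", "kind": "tls", "dst": "updates.vendor.example", "issuer": "DigiCert"}] * 3
    + [{"entity": "workstation-12", "kind": "tls", "dst": "mail.corp.example", "issuer": "DigiCert"}]
    + [{"entity": "workstation-12", "kind": "smb_write", "dst": "fileserver-1"}] * 4
    + [{"entity": "supplier@vendor.example", "kind": "email_attachment", "ext": "pdf"}] * 3
    + [{"entity": "supplier@vendor.example", "kind": "email_attachment", "ext": "xlsx"}]
)

# Constructed later window containing the deviations the detector should find.
NEW_EVENTS = (
    [{"entity": "workstation-12", "kind": "tls", "dst": "198.51.100.23", "issuer": "self-signed"}]
    + [{"entity": "workstation-12", "kind": "tls", "dst": "updates.vendor.example", "issuer": "DigiCert"}]
    + [{"entity": "workstation-12", "kind": "smb_write", "dst": "fileserver-1"}] * 12
    + [{"entity": "workstation-12", "kind": "smb_write", "dst": "hr-pc-07"}]
    + [{"entity": "workstation-12", "kind": "smb_write", "dst": "fin-pc-02"}]
    + [{"entity": "supplier@vendor.example", "kind": "email_attachment", "ext": "pdf"}]
    + [{"entity": "supplier@vendor.example", "kind": "email_attachment", "ext": "iso"}]
)


class BaselineDetector:
    """Learns what each entity normally does, then flags departures from it."""

    def __init__(self, smb_burst_factor=3):
        self.tls_dsts = defaultdict(set)        # entity -> TLS destinations seen
        self.smb_writes = defaultdict(Counter)  # entity -> host -> write count
        self.attach_exts = defaultdict(set)     # sender -> attachment extensions seen
        self.smb_burst_factor = smb_burst_factor

    def learn(self, events):
        """Record the baseline window; nothing is scored here."""
        for e in events:
            ent = e["entity"]
            if e["kind"] == "tls":
                self.tls_dsts[ent].add(e["dst"])
            elif e["kind"] == "smb_write":
                self.smb_writes[ent][e["dst"]] += 1
            elif e["kind"] == "email_attachment":
                self.attach_exts[ent].add(e["ext"])

    def score_event(self, e):
        """Return a reason string if this single event deviates from baseline, else None."""
        ent = e["entity"]
        if e["kind"] == "tls":
            # A self-signed certificate on a never-seen destination is the C2 pattern
            # the threat story describes; a known vendor endpoint with a CA-issued
            # certificate stays quiet.
            if e.get("issuer") == "self-signed" and e["dst"] not in self.tls_dsts[ent]:
                return f"self-signed TLS to never-seen destination {e['dst']}"
        elif e["kind"] == "smb_write":
            if e["dst"] not in self.smb_writes[ent]:
                return f"SMB write to host never written to before: {e['dst']}"
        elif e["kind"] == "email_attachment":
            if e["ext"] not in self.attach_exts[ent]:
                return f"attachment type never seen from this sender: {e['ext']}"
        return None

    def analyze(self, events):
        """Score a window of events and return (entity, reason) alerts.

        Per-event checks run first. Then a per-entity volume check reports an SMB
        write count above smb_burst_factor times the baseline window's count as a
        burst, even when every individual write went to a known host. The baseline
        is deliberately not updated here; a production system keeps learning but
        must avoid absorbing an intruder's activity as the new normal.
        """
        alerts = []
        window_smb = Counter()
        for e in events:
            reason = self.score_event(e)
            if reason:
                alerts.append((e["entity"], reason))
            if e["kind"] == "smb_write":
                window_smb[e["entity"]] += 1
        for ent, count in window_smb.items():
            baseline = sum(self.smb_writes[ent].values())
            if count > self.smb_burst_factor * max(baseline, 1):
                alerts.append((ent, f"SMB write burst: {count} writes vs baseline {baseline}"))
        return alerts


def run_demo():
    """Learn from the constructed baseline window and score the later window."""
    det = BaselineDetector()
    det.learn(BASELINE_EVENTS)
    return det.analyze(NEW_EVENTS)


if __name__ == "__main__":
    for entity, reason in run_demo():
        print(f"{entity}: {reason}")
```

On the constructed input the detector raises five alerts: the self-signed TLS connection to the new address, the two SMB writes to hosts the workstation had never written to, the `.iso` attachment from a supplier that had only ever sent `.pdf` and `.xlsx`, and a burst of 14 SMB writes against a baseline of 4. The repeated writes to the known file server and the CA-issued TLS connection to the known vendor endpoint produce nothing, which is the false-positive reduction the answer refers to: the rules are relative to each entity's own history rather than global signatures.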

Does Darktrace provide visibility into shadow IT and unsanctioned third-party tool usage?

Darktrace / Attack Surface Management identifies exposed assets as your adversary would see, find, and exploit them. Once it has identified all confirmed assets, Attack Surface Management creates a comprehensive risk profile of your digital estate. It can discover a wide array of vulnerabilities including shadow IT, supply chain risks, potential phishing domains, vulnerabilities and misconfigurations, and risks arising from mergers and acquisitions.