Darktrace Enterprise uses world-leading machine learning and AI to detect, classify and visualize cyber-threats that evade other defenses, from within the enterprise. Installed in just one hour into your enterprise, it is fast as well as effective.
Unlike rule and signature based approaches, Darktrace Enterprise does not rely on historical attacks to predict tomorrow’s. Instead, it builds its own, unique understanding of what ‘normal’ behavior looks like within an enterprise, and can detect emerging threats in real time – including insider threat, low-and-slow attacks and automated viruses like ransomware.
Darktrace Enterprise adapts as your organization changes – there’s no need to tune the system or configure it. This means that it identifies new threats that you may face in the future, irrespective of the threat type or attacker. Darktrace Enterprise rapidly identifies anomalous activity, and alerts you to threats early, while you still have time to act.
- Adaptive – evolves with your organization
- Self-learning – constantly refines its understanding of normal
- Probabilistic – works out the likelihood of a serious threat
- Real-time – spots threats as they emerge
- Works from day one – delivers instant value
- Low false positives – correlation of weak indicators
- Data agnostic – ingests all data sources
- Highly accurate – models human, device and enterprise behavior
- Installs in 1 hour – no configuration
Darktrace Industrial is a cyber defense technology that detects cyber-threats and vulnerabilities within OT environments, such as SCADA and other industrial control systems, using machine learning.
It also provides real-time visibility across both your industrial and enterprise networks, allowing security professionals to gain oversight of all their systems and understand where to focus attention and resources.
Darktrace Industrial works by passively monitoring network traffic across OT and IT, and modeling the ‘pattern of life’ for every user, device and controller in the system. In doing so, it learns ‘normal’ behaviors from ‘abnormal’ behaviors, and can identify potential problems or cyber-threats at a very early stage, before they have time to escalate into a crisis and cause material harm.
Thanks to this evolving understanding of ‘normal’, Darktrace Industrial detects threats that traditional, rules-based tools fail to see. This includes everything from pre-existing, long-term vulnerabilities and low-and-slow attackers, to insider threats and hacked IoT devices.
Because data ingestion is passive, Darktrace Industrial is easy to deploy, and doesn’t disrupt normal functioning of critical ICS, including industrial plants and machinery.
- Unprecedented visibility into ICS activity
- Protects against insider threat, including operators and privileged users
- Detects threats in real time
- Coverage of both IT and OT environments
- Correlates actions over time, for refined understanding of ‘normal’
Darktrace Cloud delivers Darktrace’s world-leading cyber-threat detection and real-time visibility to the cloud, and is compatible with all major cloud providers, including AWS, Google Cloud Platform and Microsoft Azure.
Darktrace Cloud seamlessly integrates with Darktrace Enterprise, to extend visibility into otherwise unseen parts of your network, giving security professionals rich insights and a real-time overview of activity on the cloud.
Whether it’s an insider threat, an attacker targeting your cloud infrastructure, or a misconfiguration that could be exploited in the future, Darktrace Cloud helps you eliminate blind spots and protect your data, wherever it resides.
Darktrace Cloud is fully configurable, allowing organizations to see all or selected cloud traffic without requiring access to the hypervisor and with minimal performance impact.
- Complete visibility of third-party clouds
- Fully configurable – you choose cloud traffic that you want to monitor
- Lightweight and non-intrusive – easily installed onto virtual machines, without requiring access to the physical server
- Dynamic configuration – creates only single copies of network traffic, no data duplication
Darktrace SaaS leverages Darktrace’s self-learning technology to detect threats and anomalous behavior in SaaS applications, including Salesforce, Dropbox and Office 365.
Deployed as connectors, Darktrace SaaS partners with leading SaaS platforms to gain access to rich data sets, such as user logins, data uploads and data transfers. These insights are intelligently fed back to Darktrace Enterprise, which uses the data to identify emerging indicators of threats or incidents.
For example, if an employee starts downloading abnormally large volumes of data or transferring unusual file types, Darktrace SaaS would analyze the behavior against a range of weak indicators, and determine whether the activity is anomalous and potentially threatening.
Darktrace SaaS interacts seamlessly with SaaS applications via HTTPS requests, allowing user interactions to be processed and monitored in real time, whether they originate inside the network or from remote locations.
Darktrace SaaS covers all major SaaS providers, including Salesforce, Box, G Suite, AWS, Dropbox, and Microsoft Office 365.
Powered by Darktrace’s award-winning cyber AI, Darktrace Antigena is an autonomous response technology, which takes targeted, surgical actions on behalf of the security team, when faced with fast-moving or mission-critical attacks.
Like ‘digital antibodies’, Darktrace Antigena proactively fights back against in-progress cyber-attacks in real time. Whether ransomware or a severe insider attack hits the organization, Darktrace judges the most appropriate action to take, thanks to its evolving understanding of ‘normal’.
In an era where cyber-threats often outpace humans in both speed and sophistication, Darktrace Antigena helps you regain the upper hand, buying security teams crucial time to catch up.
You’re in control
Darktrace Antigena is configurable. This means that the scope of its actions can be controlled and adjusted, depending on your specific use cases or risk appetite. Autonomous actions can be tailored to target a wide range of attack types, including:
- Insider threat
- Lateral movement
- Data exfiltration
Darktrace Antigena can also be configured in one of two modes to allow for varying degrees of automation. In ‘Human Confirmation Mode’, the system recommends response actions, such as blocking an individual connection or quarantining a device, which the security team validates before any action is taken. When placed in ‘Active Mode’, the system is fully autonomous within its defined operating parameters.
- Takes automated, measured and targeted action
- Responds faster than any security team can
- Human confirmation mode
- No rules, no signatures
- Fully configurable
- Does not disrupt day-to-day activity
There are a number of methods by which Darktrace can interact and integrate with an organization’s existing security infrastructure. The Enterprise Immune System can be integrated with SIEM dashboards, SOC environments or any other downstream ticketing and alerting tool, allowing security teams to adopt Darktrace without changing existing business processes and working practices.
Darktrace is compatible with all major SIEMs that support the industry-standard Common Event Format (CEF) and Log Event Extended Format (LEEF). These include providers such as ArcSight, LogRhythm, QRadar and Splunk. Darktrace can also be configured to trigger alerts when the most serious threats are detected.
While SIEMs can use threat intelligence and correlation for some known threat detection, Darktrace can detect a much broader range of threats, both internal and external, and does not rely on rules or signatures, thus enhancing existing tools.
Darktrace can also support a range of deployment strategies for different Security Operations Center (SOC) environments, from continuous monitoring and alerting, to dedicated threat hunting. Darktrace models, as defined in the Threat Visualizer, define the conditions under which Darktrace will notify an operator of an event. These events are surfaced within the Darktrace Threat Visualizer but may also be issued to external systems or be actively queried via the Darktrace API.
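As an added example (not Darktrace's own code), below is a minimal consumer for the CEF alert format named above, of the kind a SIEM pipeline runs on forwarded events: it parses the pipe-delimited header with its escapes, splits the key=value extension, and keeps only the most serious events for onward alerting. The vendor, product, signature ids and field values in the sample lines are constructed for illustration.

```python
import re

# Constructed sample alerts in CEF; vendor, product, ids and field values are illustrative, not Darktrace's own.
SAMPLE_LINES = [
    "CEF:0|ExampleVendor|ExampleSensor|1.0|1001|Unusual External Data Transfer|9|"
    "src=10.0.0.5 dst=203.0.113.7 msg=Outbound volume 12x device baseline act=quarantine device",
    "CEF:0|ExampleVendor|ExampleSensor|1.0|1002|Admin Login \\| Off Hours|4|"
    "suser=jdoe msg=key\\=value with spaces cnt=3",
]
HEADER_FIELDS = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
# An extension key starts at line start or after whitespace; an escaped '\=' inside a value never starts a key.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

def _split_header(body):
    """Consume the seven '|'-delimited header fields ('\\|' and '\\\\' are escapes); return (fields, rest)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            buf.append(body[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    if len(fields) < 7:
        raise ValueError("CEF header needs seven '|'-delimited fields")
    return fields, body[i:]

def _parse_extension(ext):
    """Split 'key=value' pairs; values may contain spaces, so each runs up to the next key."""
    keys, out = list(_KEY_RE.finditer(ext)), {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():(nxt.start() if nxt else len(ext))].strip()
        out[m.group(1)] = re.sub(r"\\(.)", lambda e: "\n" if e.group(1) == "n" else e.group(1), raw)
    return out

def parse_cef(line):
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    header, ext = _split_header(line[4:])
    event = dict(zip(HEADER_FIELDS, header))
    if event["severity"].isdigit():  # CEF severity is 0-10 or Low/Medium/High/Very-High
        event["severity"] = int(event["severity"])
    event["extension"] = _parse_extension(ext)
    return event

def page_worthy(events, threshold=8):
    """Keep only the most serious alerts, the subset a SIEM rule would forward to an on-call channel."""
    return [e for e in events if isinstance(e["severity"], int) and e["severity"] >= threshold]
```

Running `page_worthy(map(parse_cef, SAMPLE_LINES))` returns only the severity-9 data transfer event; the escaped `\|` in the second header and the `\=` in its `msg` value are decoded rather than treated as delimiters.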