Darktrace is the de facto solution for cyber threat defense, which, for the first time, implements new, unsupervised machine learning and probabilistic mathematics that have been proven to address the true challenge of cyber security – detecting and defending against emerging threats within the network, irrespective of their type or origin.
Used by organizations of all sizes, from small businesses through to large corporations, Darktrace is a software platform that allows for the detection and investigation of the most subtle cyber-threats from within the network, without any rules or signatures.
Darktrace is built on Enterprise Immune System technology, which uses machine learning and a novel branch of Bayesian probability theory developed by specialists from the University of Cambridge. It is the only cyber defense technology that is capable of detecting anomalous behaviors within large and complex environments, without any prior knowledge of what it is looking for.
With total visibility into network activity, Darktrace is uniquely capable of not only identifying but also classifying threats in real time. Darktrace creates unique behavioral models for every user and device, and for the enterprise as a whole, by correlating many weak indicators and subtle changes in information that would otherwise go unnoticed in the noise of a busy network. Using these models, Darktrace’s technology is able to rapidly piece together a compelling picture of genuine emerging threat activity without producing floods of false positives.
Darktrace is the first fully-scalable cyber defense technology that applies the immune system approach. It is proven to find anomalies that bypass all other legacy security tools, allowing organizations to proactively and pragmatically manage serious cyber risk before damage is done.
- Powered by unsupervised machine learning and Bayesian mathematics
- Learns normal and abnormal behavior in real time and detects emerging anomalies
- Auto-classification of threats, supporting workflow and collaboration
- Complete analysis and visibility of 100% of network traffic
- Protects against internal and external cyber attacks
- No rules, no signatures, no assumptions
Darktrace Threat Visualizer
Darktrace’s Threat Visualizer leverages the Enterprise Immune System technology to represent global enterprise network activity in a manner that is designed for use by both C-level executives and threat analysts. In the increasingly complex threat landscape, the Threat Visualizer will use the underlying Bayesian algorithms to dynamically identify threats that are genuinely anomalous so that organizations can focus attention and expertise appropriately.
The Threat Visualizer allows you to see what is happening in your enterprise globally, visually representing all network activity and connections, both external and internal, between all machines and users. It works at both a high level, flagging diverse threats and anomalies for the analyst’s attention, and at a more granular level, allowing you to drill down and view specific clusters of activity, subnets and host events.
- Unique global view of enterprise
- Flexible dashboard
- Designed for both C-level executives and threat analysts
- Real-time global threat mapping
- Ability to replay historical data
- Underlying logic is discoverable
- Create and manage custom models
Darktrace Antigena is an active, self-defense product that extends Darktrace’s core power of detection, acting as digital antibodies within the Enterprise Immune System.
As the human immune system produces antibodies to identify and neutralize potential threats, Darktrace’s Enterprise Immune System technology produces an Antigena response to automatically defend against potential threats in real time.
As such, Darktrace Antigena is a unique product, complementing Darktrace’s core detection capability. It allows critical, mitigating action to be taken, without human intervention – and faster than any security team can respond. Depending on the severity of the anomalous activity detected by Darktrace, these responses could involve:
- Stopping or slowing down activity related to a specific threat
- Quarantining people, systems or devices
- Marking specific pieces of content for further investigation or tracking
Action taken by Darktrace is highly targeted, thanks to the unique ability of the Enterprise Immune System to detect genuine threats, without false positives. Darktrace Antigena simply enforces the normal ‘pattern of life’ of a device or user, without causing unnecessary and disruptive side-effects on business operations.
Darktrace Antigena is uniquely capable of:
- Directly inoculating against a full range of threats
- Preventing, slowing or disrupting activity in real time
- Stopping threats before they spread
Antigena is available in three modules:
- Antigena Internet — regulates user and machine access to the internet and beyond
- Antigena Communication — regulates email, chat and other messaging protocols
- Antigena Network — regulates machine and network connectivity, and user access permissions
Darktrace Antigena modules are deployed as physical appliances, complementing the core Enterprise Immune System appliance. They can also interface with Software Defined Networks (SDN) and Active Directory, and are fully configurable.
- Respond to threats faster than any security team can
- Take targeted action
- No rules; no signatures
- Does not disrupt day-to-day business
- Frees up resources and people
Industrial Immune System
Industrial Control Systems (ICS) are indispensable for critical national infrastructures, from energy and water supplies to transportation networks and manufacturing plants. Historically, these systems have been ‘air-gapped’, protected from outside attacks by being physically isolated from the corporate enterprise network.
The IT and Operational Technology (OT) systems are converging, however, driven by the economic pressures of globalization, and the competitive advantages that stem from the integration of these disciplines, such as cost reduction through remote management, and business optimization using data transferred between IT and OT environments.
This convergence comes at the cost of increasing vulnerability to the kinds of cyber attacks more commonly found in IT environments. Examples such as the Stuxnet virus and the hack of a German steel mill in 2014 show the extent of the possible damage that such attacks can cause.
Darktrace’s Industrial Immune System for ICS is a fundamental innovation that implements a real-time “immune system” for operational technologies. It uses groundbreaking advances in Bayesian probability theory to create an understanding of the normal behavior of users and devices within the ICS, allowing organizations to detect emerging threats without having to define in advance what the threat might be, and to respond to them before a crisis occurs.
- Real-time threat detection for Industrial Control Systems (ICS)
- Powered by machine learning and Bayesian mathematics
- Learns normal and abnormal behavior for users and devices
- Protects against internal and external cyber attacks
What Darktrace Finds
Darktrace finds anomalies that bypass other security tools, due to the Enterprise Immune System's unique ability to detect threats without reliance on rules, signatures or any prior knowledge of what it is looking for.