What is Darktrace?
The Enterprise Immune System is Darktrace’s multi-award-winning technology platform for cyber defense, allowing for the detection, investigation and neutralizing of cyber-threats across the digital enterprise, including the cloud, virtualized environments, SaaS applications, and industrial control systems.
Powered by AI, and inspired by the human immune system, the Enterprise Immune System does not require knowledge about past threats to detect future ones. Instead, it is a self-learning system that identifies the sophisticated threats that exist within the network perimeter, and which bypass traditional security controls.
- Zero-day attacks
- Subtle and stealthy attacks
- Insider threat
- IoT hacks
- Cryptocurrency mining
The Threat Visualizer
The Threat Visualizer is Darktrace's real-time, 3D threat notification interface. As well as displaying threat alerts, the Threat Visualizer provides a graphical overview of the day-to-day activity of your network(s) that is easy to use and accessible to both security specialists and business executives.
Powered by Darktrace’s multi-award-winning AI, Darktrace Antigena is an autonomous response solution that takes action against in-progress cyber-threats, limiting damage and stopping their spread in real time. The technology works like a digital antibody, intelligently generating measured and proportionate responses when a threatening incident arises, without impacting normal business operations. This ability to contain threats using proven AI is a game-changer for security teams, who benefit from the critical time needed to catch up and avoid major damage.
Darktrace Industrial is a cyber AI defense technology that is specifically developed to detect cyber-threats and latent vulnerabilities in both OT environments, such as SCADA systems, and IT networks. It also provides real-time visibility across both your industrial and enterprise networks, allowing security professionals to gain oversight of all their systems and protect them from cyber-threats as they emerge.
Powered by Darktrace’s core artificial intelligence technology, Darktrace Industrial works by passively monitoring network traffic across OT and IT, automatically modeling the ‘pattern of life’ for every user, device and controller in the system. In doing so, it learns ‘normal’ behaviors and can then identify potential problems or cyber-threats at a very early stage, before they escalate into a crisis or cause material harm.
Darktrace Cloud delivers Darktrace’s world-leading cyber-threat detection and real-time visibility to the cloud, and is compatible with all major cloud providers, including AWS, Google Cloud Platform, and Microsoft Azure.
Seamlessly integrating with Darktrace Enterprise, Darktrace Cloud extends visibility into otherwise unseen parts of your network, giving security professionals rich insights and a real-time overview of activity in the cloud. Whether faced with an insider threat, an attacker targeting data in the cloud, or a significant misconfiguration that could be exploited in the future, Darktrace Cloud helps eliminate blind spots and protect your data, wherever it resides.
Darktrace SaaS leverages Darktrace’s self-learning technology to detect developing threats and anomalous behavior in SaaS applications, such as Salesforce, Dropbox, and Office 365.
By accessing log information and rich security insights via APIs, Darktrace SaaS spots genuine anomalies and subtle threats, including highly unusual file changes, user logins, and data transfers.
For example, if an employee starts downloading abnormally large volumes of data or transferring unusual file types, Darktrace SaaS would analyze the behavior against a range of weak indicators and determine whether the activity is anomalous and potentially threatening. Darktrace SaaS interacts seamlessly with SaaS applications via HTTPS requests, allowing user interactions to be processed and monitored in real time, whether they originate inside the network or from remote locations.
Darktrace easily integrates with your existing infrastructure, including SIEM dashboards, SOC environments or any other downstream ticketing and alerting tool. This allows security teams to adopt Darktrace without changing existing business processes and working practices.
Darktrace is compatible with all major SIEMs that support the industry-standard Common Event Format (CEF) and Log Event Extended Format (LEEF). These include providers such as ArcSight, LogRhythm, QRadar and Splunk. Darktrace can also be configured to trigger alerts when the most serious threats are detected.