Darktrace’s Self-Learning AI for Modern Working

Darktrace DETECT + RESPOND/Endpoint

Darktrace/Endpoint deploys using lightweight Darktrace agents that analyze granular, real-time data, asking millions of questions to spot and neutralize unusual activity. Darktrace/Endpoint can also use existing endpoint solutions to enrich its understanding of your environment.

Darktrace DETECT/Endpoint
Self-Learning AI and Cyber AI Analyst
Detects abnormalities
Analyzes for risk and context
Conducts autonomous investigations at scale

Darktrace RESPOND/Endpoint
Self-Learning AI, Autonomous Response and Cyber AI Analyst
Responds to threats autonomously in seconds
Actively integrates with security stack
Supports human intervention in decision making

Darktrace DETECT/Endpoint
No attacks are off limits

Identifying attacks at first sight


In most instances, endpoints will be the first site of compromise for an attacker - a point from which they hope to expand through the rest of the digital environment. Darktrace DETECT is the best way to catch them before they do. Comparing thousands of data points with its continually updated understanding of the organization, Darktrace DETECT reveals the attack path being taken and leaves attackers with nowhere to hide.

Seamless visibility

It is challenging to maintain high visibility and understanding of devices that travel and change between office networks, home networks, hotels, hotspots and split-tunnel VPNs.

Darktrace/Endpoint simply stays with the device wherever it goes and however it connects.

Unknown attacks

EDRs and antivirus solutions use historical attack data to stop known threats, but remain unprepared for new ones.

Darktrace/Endpoint’s comprehensive understanding of each endpoint device allows it to recognize novel attacks and device misuse without relying on threat intelligence.

Gaps in zero trust

Zero trust architectures often vary widely in type and detail across an organization’s locations and services.

Darktrace/Endpoint monitors every variation and learns and understands how zero trust is normally applied, the commonalities and the differences, to watch for attacks or misuses.

Living off the land

Attackers living off the land by using preinstalled software to conduct attacks can often circumvent rules-based EDRs.

Darktrace/Endpoint looks not only at the tool being used, but how, when, by whom and so on, to spot anomalies and uncover attacks.
Darktrace RESPOND/Endpoint takes action to stop all of these threats.
UNDERSTANDING NORMAL
Analyzing every connection
By asking millions of questions of every activity on every device, Darktrace DETECT/Endpoint can correlate anomalies and draw out the subtlest threats. A deep understanding of how you and your device work means that even novel threats and exploits will be spotted rapidly by Darktrace DETECT at every stage.
Raw Datapoints
Extracted directly from endpoint devices
Source IP
Destination Port
Application Protocol
DNS Query
. . .
Darktrace-Enriched Datapoints
Mathematically & AI-enhanced data features
Suspicious read/write ratio?
Is connectivity unusual for device?
Potential network scanning?
Appears to be irregular beaconing?
. . .
All context considered, Darktrace RESPOND/Endpoint asks: is the connection normal?
And then issues the perfect response to the threat.
[Figure: raw and Darktrace-enriched datapoints for a connection, with Low/High indicators]
Understandable events
Complex math, simple output
Darktrace DETECT outputs intuitive and easy-to-understand alerts, reducing time-to-meaning for security teams.
Darktrace RESPOND/Endpoint
It’s all about precision with autonomous response
Disarm an attack in seconds
The first autonomous response solution proven to work in the enterprise. Working with Darktrace DETECT, Darktrace RESPOND autonomously contains and disarms threats, all supported by micro decision-making driven by AI.

Darktrace RESPOND takes in events and considers them within the overall context of the environment, as well as human guide-rails, to determine in milliseconds the best possible response.
Darktrace RESPOND has a range of actions it can take to cut endpoint attacks short.
And crucially, it knows which to take, and where to take them.
RESPOND ACTION
No action necessary
Block matching connections
Darktrace RESPOND identifies potentially malicious C2 communications and blocks them. This prevents further malware from being installed into the device, interrupts attacker communications, and brings many threats to a close.
Enforce device's patterns of life
Block all outgoing traffic
Enforce group pattern of life
Enforcing an endpoint device’s pattern of life is a precise and non-disruptive way to stop a threat. By taking this action, Darktrace RESPOND allows the user to continue using their device for business, while preventing attacks from progressing further.
Block all incoming traffic
Block all traffic
And in reality, these can translate into an infinite number of actions, all determined and taken on the spot:
No action necessary
Block connections to 10.100.1.1 over port 437
Block outgoing connections to 13.410.2.1
Block connections over port 445 for 1 hour
Block incoming connections to 10.100.1.4
. . .
Fully configurable and customizable

Darktrace RESPOND operates within the parameters you tell it to.

Only on certain devices? At certain times of day? In response only to certain events?

You set the guide-rails. Then let the AI do the heavy lifting.

Slips AI into existing workflows

One-click integrations

Darktrace/Endpoint can be integrated with traditional endpoint security tools in minutes, slotting easily alongside your existing investments without causing disruption.

Complementing tools like Microsoft Defender for Endpoint, which are effective at preventing known malware and threats, Darktrace/Endpoint adds sophisticated behavioral analysis to your endpoint security efforts, closing up the gaps in your attack surface.
Stay in the loop with the Darktrace Mobile App
Full oversight of Darktrace RESPOND's actions is provided through Darktrace’s Threat Visualizer interface, and via the Darktrace Mobile App.
A use case for everything
The right approach can handle anything

Cyber AI Analyst

Darktrace's Cyber AI Analyst investigates every output of Darktrace DETECT to reveal the wider incident, giving you all the details you need in just one click.
Combines human expertise with the speed and scale of AI
AI Analyst is trained on an ever-growing data set of expert cyber analysts. By observing and then replicating their behavior, the technology thinks like a human investigator: asking questions, testing hypotheses, reaching conclusions.
Cuts through the noise
As a result, it can perform the heavy lifting on behalf of human teams, connecting the dots between dozens of singular events and reducing them to a handful of high priority incidents for human review.
Augments your team
AI Analyst reduces triage time by an average of 92%. This allows your security team to spend their time on strategic tasks rather than reactive fire-fighting.
The end result?
AI-generated incident reports that anyone can understand
From your board, to your newest starter.

Good news for your business.
Bad news for the bad guys.

Start your free trial

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.