Self-Learning AI for the modern network

Darktrace DETECT + RESPOND/Network

Darktrace/Network builds an evolving understanding of you. By learning all the interactions that take place in your network, it detects and responds to unpredictable and novel cyber-threats.
Darktrace DETECT/Network
Self-Learning AI
Detects abnormalities
Analyzes for risk and context
Conducts autonomous investigations at scale
Cyber AI Analyst
Darktrace RESPOND/Network
Self-Learning AI
Autonomous Response
Cyber AI Analyst
Responds to threats autonomously in seconds
Actively integrates with security stack
Supports human intervention in decision making
Darktrace DETECT™/Network
UNDERSTANDING NORMAL
Analyzing every connection, asking millions of questions.
Darktrace/Network brings Self-Learning AI to your data centers and offices, analyzing data in milliseconds, in real time, as it occurs. For every packet and every connection, Darktrace runs deep packet inspection to extract raw datapoints and enrich the concrete information.
Raw Datapoints
Extracted directly from network data
Source port
Destination port
Application protocol
SMB version
. . .
Darktrace-Enriched Datapoints
Mathematically & AI-enhanced data features
Suspicious read/write ratio?
Is connectivity unusual for device?
Resembles a network scan?
Appears to be irregular beaconing?
. . .
Once raw and calculated metrics are extracted, Darktrace Self-Learning AI works to understand the connections in their entirety. Darktrace DETECT spotlights any unusual metrics and issues a score; these are picked up by Darktrace RESPOND, prioritized and, at the right time, surfaced to the security team and their stack.
All context considered, is the connection normal?
[Figure: raw and Darktrace-enriched datapoints with scores Low, High, Low]
DETECT then communicates its detections to Darktrace RESPOND to determine the perfect counter response for the threat.
No action necessary
Block connections over port 45 for 3 hours
No action necessary
Understandable events
Complex math, simple output
Darktrace DETECT outputs intuitive and easy-to-understand alerts, reducing time-to-meaning for security teams.
DETECT → MITRE
Darktrace MITRE Mapping
Darktrace DETECT models are automatically mapped to the MITRE ATT&CK framework within the user interface.
Darktrace RESPOND™/Network
Disarm an attack in seconds with autonomous response
It’s all about precision.
The first autonomous response solution proven to work in the enterprise. Working with Darktrace DETECT, Darktrace RESPOND autonomously contains and disarms threats, all supported by micro-decision making driven by AI.

Autonomous Response is not a ‘one size fits all’. It takes the least aggressive action necessary to contain the threat, without disrupting your business.

Of the millions of daily connections made, the unusual events identified by Darktrace DETECT's analysis are further analyzed by RESPOND's autonomous response technology.

Autonomous Response takes in event data and combines it with the overall context of the environment, as well as human guide-rails, to determine in milliseconds the best possible response.
Darktrace RESPOND has a range of actions it can take to cut attacks short.
And crucially, it knows which to take, and where to take them.
RESPOND ACTION
No action necessary
Block specific connections
Darktrace RESPOND/Network can determine which connections to block, even if the port, protocol, or IPs have never before been seen or used maliciously.
Enforce custom business priorities
Enforce device's patterns of life
Enforce group pattern of life
Darktrace’s granular understanding of a device’s normal behavior means that, when that device is compromised, RESPOND can enforce its ‘pattern of life’. So the malicious activity stops, but it can continue behaving as it normally does.
Block all outgoing traffic
Block all incoming traffic
Block all traffic
And in reality, these can translate into an infinite number of actions, all determined and taken on the spot:
No action necessary
Block connections to 10.100.1.1 over port 437
Block encrypted connections to 192.168.37.18
Block RDP connections to 10.115.1.3
Block connections over port 45 for 1 hour
Block incoming connections to 10.100.1.4
Terminate instance
. . .
Fully configurable and customizable

Darktrace RESPOND operates within the parameters you tell it to.

Only on certain devices? At certain times of day? In response only to certain events?

You set the guide-rails. Then let the AI do the heavy lifting.

Insert AI into your existing workflows

Integrates with existing tools

Action can be taken independently or via integrations with native security controls, maximizing the return on other security investments.

Alerts are sent wherever you want them.
A use case for everything
The right approach can handle anything
Stay in the loop with the Darktrace Mobile App
Full oversight of Darktrace RESPOND's actions is provided through Darktrace’s Threat Visualizer interface, and via the Darktrace Mobile App.

Cyber AI Analyst

Darktrace's Cyber AI Analyst investigates every output of Darktrace DETECT to reveal the wider incident, giving you all the details you need in just one click.
Combines human expertise with the speed and scale of AI
AI Analyst is trained on an ever-growing data set of expert cyber analysts. By observing and then replicating their behavior, the technology thinks like a human investigator: asking questions, testing hypotheses, reaching conclusions.
Cuts through the noise
As a result, it can perform the heavy lifting on behalf of human teams, connecting the dots between dozens of singular events and reducing them to a handful of high priority incidents for human review.
Augments your team
AI Analyst reduces triage time by an average of 92%. This allows your security team to spend their time on strategic tasks rather than reactive fire-fighting.
The end result?
AI-generated incident reports that anyone can understand
From your board, to your newest starter.

Good news for your business.
Bad news for the bad guys.

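Start your free trial

Flexible delivery
Cloud-based deployment.
Fast install
Installation takes just 1 hour, and even less for an email security trial.
Pick your journey
Try out Self-Learning AI wherever you most need it, including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.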

Get a demo

Flexible delivery
You can install it virtually or on hardware.