Darktrace is a network solution for detecting and investigating emerging cyber-threats that evade traditional security tools. It is powered by Enterprise Immune System technology, which uses machine learning and mathematics to monitor behaviors and detect anomalies in your organization’s network. The Enterprise Immune System’s mathematical approaches do not require signatures or rules and so can detect emerging ‘unknown unknown’ attacks that have not been seen before.
Darktrace is delivered as an appliance that takes passive feeds of raw network traffic from the centers of your networks. Once connected, the technology immediately begins using a range of mathematical approaches to create numerous models of behavior for each individual user and device within the organization. The Enterprise Immune System’s self-learning mathematics work from day one, detecting anomalous behaviors on the network. They continue to learn on an ongoing basis – constantly updating as the organization evolves.
Creating powerful ‘pattern of life’ models of every individual and device on your network allows Darktrace to detect subtle shifts in behaviors, such as the way someone is using technology, a machine’s data access patterns, or trends in communications. This may indicate any number of potentially threatening events, such as the theft of a user’s credentials, a compromised device, or the actions of a disaffected or negligent employee.
Darktrace monitors over 350 dimensions of user and device activity. This allows it to detect a range of anomalies, including network reconnaissance and traversal, unexpected downloads from unusual internet domains, intranet or file system cloning, sensitive data logins from a new device and location, unusual applications and protocols, or a change in pattern of information uploads. These activities may be worthy of investigation if they represent a significant departure from normal behavior.
The Threat Visualizer is Darktrace’s graphical and interactive 3D interface, which enables analysts and business executives to intuitively visualize behaviors and investigate anomalies, without requiring an understanding of the advanced mathematics that power the platform.
The Threat Visualizer provides users with intelligence-led insights into the relationships and data flows across the network, in real time. When an anomaly emerges, the Visualizer allows users to play back the events leading up to and during the anomaly.
The Visualizer is an interactive tool, allowing analysts to investigate deepening layers of detail and perform very complex queries. The platform also supports analyst investigation at a detailed level and enables the download of the relevant raw network packets for deep forensic analysis in your organization’s preferred tool (e.g. Wireshark).