Enterprise Immune System
Darktrace’s award-winning Enterprise Immune System technology is uniquely capable of detecting and responding to the most subtle cyber-threats within the network, including insider threat. Powered by advanced machine learning and mathematics, the Enterprise Immune System automatically and adaptively learns the ‘pattern of life’ for every user, device and network, in order to detect emerging behaviors that represent real threats. This self-learning technology provides corporations with comprehensive visibility into their networks’ activity, allowing them to proactively respond to threats and mitigate risk.
Machine Learning and Cyber Security
The legacy approach of surrounding your information with higher and higher walls is not sufficient against today’s threat landscape. New advances in machine learning and mathematics, developed by specialists from the University of Cambridge, have allowed a new era of cyber security, which takes for granted that threat is permanently inside the network. Instead of predefining ‘bad’ behaviors and relying on prior knowledge about previous attack methods, Darktrace’s machine learning is capable of automatically modeling and clustering information dynamically and at speed.
Catching the Cyber Attacker,
Lurking beneath the surface of enterprises today are in-progress cyber-threats, ranging from new vulnerabilities to advanced attackers that have taken hold of critical information. And yet the leaders of those enterprises often have no clue, until it is too late. The company board may discuss the incident recovery plan but have little oversight of the way the company protects its data systems in the first place.
The cyber security breaches of the last year point to an inadequacy in the ability to see and detect emerging problems within our networks. As businesses explode in digital complexity and new types of threat emerge, organizations are increasingly outpaced and outmaneuvered by cyber-attackers.
and the Next Phase of Cyber AI
The old approach to information security, concerned with keeping threats out by strengthening the network perimeter, doesn’t work. It fails against ransomware, which spreads too quickly for defenders to react in time, against slow and stealthy threats that fly under the radar, and against insiders gone rogue or hacked connected devices. The organizations that avoid the cyber headlines are embracing artificial intelligence to tackle these sophisticated and changeable adversaries.
With over 5,000 deployments, Darktrace is the world’s leading cyber AI company, having identified over 60,000 threats that would otherwise have gone unnoticed. These are the attacks that didn’t make front-page news.
Darktrace Appliance Protections
Each physical Darktrace appliance is protected using industry best practice controls, and regular testing is undertaken to ensure that the appliance is secure against threats. The appliance has a software firewall with rate limiting and anti-DoS (Denial of Service) features. Vendor administration is performed via the industry-standard encrypted SSH (Secure Shell) protocol.
Connections to and from the Darktrace appliance(s) are encrypted, using high-grade TLS encryption with perfect forward secrecy. User passwords are salted and one-way hashed for storage. Data in the system is protected from unauthorized deletion or modification by users.
User/Analyst Access Control
User accounts can be granted restricted access to subsets of the Darktrace appliance functionality. Stringent access profiles and auditing are applied to all activity on the appliance, which can be recorded and reported to a data controller.
Background: Computer-Speed Attacks
As cyber-attacks become increasingly sophisticated and fast, security teams struggle to keep up. Today, more and more attacks are highly automated, propagating themselves inside a network without a human driving each step of the attack. Moving at machine-speed, they outpace human teams virtually every time. Global ransomware attacks have already demonstrated the scale that such criminal campaigns can achieve, within very short timeframes. New advancements in technology allow attackers to execute more and more highly targeted automated attacks. In this new era of cyber security, artificial intelligence can not only detect unknown threats, but fight back against them in real time. Autonomous response is the next frontier of cyber defense – giving human security teams the vital time they need to catch up, take stock, and action further remediation if necessary.
Proven to Protect
Hundreds of organizations rely on Darktrace Antigena to take targeted, real-time actions in response to significant cyber-threats. By enforcing an organization’s normal ‘pattern of life,’ Darktrace Antigena generates and executes actions to stop in-progress ransomware and insider threat, compliance breaches, malware, and other threats, saving the security team valuable time in triaging and responding to threat alerts.
Cyber AI & Darktrace Cloud
Securing New Computing Models, Applications, Users, and Devices
The rapid adoption of cloud and SaaS services has transformed the digital business and fundamentally reshaped the challenge of defending the enterprise against advanced attacks. Driven initially by the need to cut costs and increase efficiency, the transition to the cloud now serves as an essential conduit for digital transformation projects – from applying advanced analytics to big data sets, to supporting edge computing and devices that underlie everything from smart cities to connected cars. Yet from a security perspective, these new computing models have expanded the attack surface at an alarming rate, introducing new threat vectors across an increasingly dispersed corporate network. This trend presents a special challenge for strained security teams, who must now cope with an environment where they have limited visibility and control, and where their familiar on-premise security tools are often not applicable. Additionally, the ease with which developers can spin up a cloud instance and bypass the IT or security team can expose the business to considerable risk, demanding a new DevSecOps approach which may be unfamiliar to teams who have grown up on the traditional on-premise network model.