Self-Learning AI for the modern network

Darktrace DETECT + RESPOND/Network

Darktrace/Network builds an evolving understanding of you. By learning all the interactions that take place in your network, it detects and responds to unpredictable and novel cyber-threats.
Darktrace DETECT/Network
Self-Learning AI
Detects abnormalities
Analyzes for risk and context
Conducts autonomous investigations at scale
Cyber AI Analyst
Darktrace RESPOND/Network
Self-Learning AI
Autonomous Response
Cyber AI Analyst
Responds to threats autonomously in seconds
Actively integrates with security stack
Supports human intervention in decision making
Darktrace DETECT™/Network
UNDERSTANDING NORMAL
Analyzing every connection, asking millions of questions.
Darktrace/Network brings Self-Learning AI to your data centers and offices, analyzing data in milliseconds, in real time, as it occurs. For every packet and every connection, Darktrace runs deep packet inspection to extract raw datapoints and enrich the concrete information.
Raw Datapoints
Extracted directly from network data
Source port
Destination port
Application protocol
SMB version
. . .
Darktrace-Enriched Datapoints
Mathematically & AI-enhanced data features
Suspicious read/write ratio?
Is connectivity unusual for device?
Resembles a network scan?
Appears to be irregular beaconing?
. . .
Once raw and calculated metrics are extracted, Darktrace Self-Learning AI works to understand the connections in their entirety. Darktrace DETECT spotlights any unusual metrics and issues a score, which is picked up by Darktrace RESPOND, prioritized and, at the right time, surfaced to the security team and their stack.
All context considered, is the connection normal?
[Figure: raw datapoints and Darktrace-enriched datapoints evaluated for three example connections, scored Low, High and Low.]
Darktrace DETECT then communicates its detections to Darktrace RESPOND to determine the perfect counter response for the threat.
No action necessary
Block connections over port 45 for 3 hours
No action necessary
Understandable events
Complex math, simple output
Darktrace DETECT outputs intuitive and easy-to-understand alerts, reducing time-to-meaning for security teams.
DETECT → MITRE
Darktrace MITRE Mapping
Darktrace DETECT models are automatically mapped to the MITRE ATT&CK framework within the user interface.
Darktrace RESPOND™/Network
Disarm an attack in seconds with autonomous response
It’s all about precision.
The first autonomous response solution proven to work in the enterprise. Working with Darktrace DETECT, Darktrace RESPOND autonomously contains and disarms threats, all supported by micro-decision making driven by AI.

Autonomous Response is not a ‘one size fits all’. It takes the least aggressive action necessary to contain the threat, without disrupting your business.

Of the millions of daily connections made, the unusual events surfaced by Darktrace DETECT's analysis are further analyzed by RESPOND's autonomous response technology.

Autonomous Response takes in event data and combines it with the overall context of the environment, as well as human guide-rails, to determine in milliseconds the best possible response.
Darktrace RESPOND has a range of actions it can take to cut attacks short.
And crucially, it knows which to take, and where to take them.
RESPOND ACTION
No action necessary
Block specific connections
Darktrace RESPOND/Network can determine which connections to block, even if the port, protocol, or IPs have never before been seen or used maliciously.
Enforce custom business priorities
Enforce device's patterns of life
Enforce group pattern of life
Darktrace’s granular understanding of a device’s normal behavior means that, when that device is compromised, RESPOND can enforce its ‘pattern of life’. So the malicious activity stops, but it can continue behaving as it normally does.
Block all outgoing traffic
Block all incoming traffic
Block all traffic
And in reality, these can translate into an infinite number of actions, all determined and taken on the spot:
No action necessary
Block connections to 10.100.1.1 over port 437
Block encrypted connections to 192.168.37.18
Block RDP connections to 10.115.1.3
Block connections over port 45 for 1 hour
Block incoming connections to 10.100.1.4
Terminate instance
. . .
Fully configurable and customizable

Darktrace RESPOND operates within the parameters you tell it to.

Only on certain devices? At certain times of day? In response only to certain events?

You set the guide-rails. Then let the AI do the heavy lifting.

Insert AI into your existing workflows

Integrates with existing tools

Action can be taken independently or via integrations with native security controls, maximizing the return on other security investments.

Alerts are sent wherever you want them.
A use case for everything
The right approach can handle anything
Stay in the loop with the Darktrace Mobile App
Full oversight of Darktrace RESPOND's actions is provided through Darktrace’s Threat Visualizer interface, and via the Darktrace Mobile App.

Cyber AI Analyst

Darktrace's Cyber AI Analyst investigates every output of Darktrace DETECT to reveal the wider incident, giving you all the details you need in just one click.
Combines human expertise with the speed and scale of AI
AI Analyst is trained on an ever-growing data set of expert cyber analysts. By observing and then replicating their behavior, the technology thinks like a human investigator: asking questions, testing hypotheses, reaching conclusions.
Cuts through the noise
As a result, it can perform the heavy lifting on behalf of human teams, connecting the dots between dozens of singular events and reducing them to a handful of high priority incidents for human review.
Augments your team
AI Analyst reduces triage time by an average of 92%. This allows your security team to spend their time on strategic tasks rather than reactive fire-fighting.
The end result?
AI-generated incident reports that anyone can understand
From your board, to your newest starter.

Good news for your business.
Bad news for the bad guys.


Start your free trial

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.