Darktrace
=== Product overview ===

Darktrace’s cyber AI platform provides coverage across an enterprise’s network (on-premises, cloud and SaaS), email and endpoints. Further, Darktrace will roll out solutions tackling preventative security and remediation/healing post attacks as part of its continuous AI security loop. Given its breadth of offerings and platform approach, Darktrace does not fit neatly into any particular cybersecurity sub-segment. The use-cases targeted by Darktrace’s product overlap with NDR (Network Detection and Response), XDR (eXtended Detection and Response), EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management) solutions.

Darktrace’s self-learning technology underpins its Cyber AI platform, which includes the following core product families:

* Immune System (Detection): This product forms the basis of Darktrace’s “detection” offering. Darktrace offers two variations of the Immune System – the Enterprise Immune System and the Industrial Immune System (for OT environments). The Immune System learns from the organization’s data (from across cloud, SaaS, networks, client devices, industrial/IoT and email) to form a bespoke and constantly evolving understanding of a business’s digital environment. Darktrace creates this bespoke model of normal behavior for an organization by monitoring and analyzing network traffic across the organization’s digital estate. To monitor and analyze on-premises network traffic, Darktrace will deploy a physical device (appliance) that ingests real-time network traffic via a SPAN port or network tap. Darktrace’s vSensors (and OS-sensors) provide visibility into traffic between virtual machines in cloud deployments (these virtual sensors in turn feed network traffic data to a master appliance, either located on-premises or cloud-hosted, to create a holistic picture of an organization’s activity). Similarly, for endpoints, Darktrace’s cSensors provide visibility into and map the behavior of endpoints that are off the VPN. Darktrace Immune System integrates with other security tools via an open and extensible architecture, enabling ingestion of new forms of telemetry from other security tools (such as firewalls and EDRs).
* Antigena (Response): The Antigena product family forms the basis of Darktrace’s autonomous response capabilities. The Antigena product works in two modes, i.e. the autonomous mode and the human confirmation mode. In autonomous mode, Antigena automatically takes action against a flagged attack to enforce normal business operations (e.g. by interrupting connections via TCP resets and integrations with other point security solutions such as network access control, firewalls or EDR tools); in the human confirmation mode, the customer must decide manually how to respond to the flagged attack. Beyond the enterprise network (Antigena for Network), Darktrace’s offerings also include coverage for email (Antigena Email) and endpoints (Antigena for Endpoint).
* Cyber AI analyst (Investigation): This product offering is aimed at augmenting the capabilities of cybersecurity analyst teams by automating threat investigation at machine speed. Cyber AI analyst automatically triages, interprets and reports on security incidents. Darktrace claims that Cyber AI analyst reduces triage time by up to 92%. Cyber AI analyst can also be integrated with tools across an enterprise’s security stack, allowing investigations to be triggered based on telemetry data from security tools such as CrowdStrike or Carbon Black. The incident reports generated by Cyber AI analyst can be exported to an SIEM, SOAR or ticketing system.
* ‘Prevent’ and ‘Heal’ product families to round out the continuous AI security loop: In addition to the detection, response and investigation capabilities offered through the above product families, Darktrace is trialing (with early adopters) proactive security technology via its ‘Prevent’ product family. The idea underpinning the Prevent product suite is to identify and strengthen vulnerable attack pathways (which lead to key assets). The company plans to roll out its Prevent product suite more broadly to customers by mid-CY22.

Darktrace announced the acquisition (first since inception) of Cybersprint, an attack surface management company that brings an ‘outside-in’ view of an organization’s security posture (complementing Darktrace’s ‘inside-out’ view of the organization) to eliminate blind spots and detect risks. Darktrace will pay €47.5m for Cybersprint, corresponding to 12.5x ARR – the amount will be paid approx. 75% in cash and 25% in equity. An attack surface is essentially the sum total of an organization’s assets (hardware, software, cloud, SaaS) that store, process or transmit sensitive data. Attack surface management involves the discovery, inventory, prioritization and security monitoring of an organization’s internet-exposed assets. The acquisition of Cybersprint complements Darktrace’s foray into proactive cyber security (with the ‘Prevent’ product suite). Darktrace highlighted that Attack Surface Management will be available as a new module in the Prevent product family.

In addition to Detect, Respond, Investigate and Prevent product families, Darktrace is researching AI-driven healing as a means to aid human teams in the remediation process in the aftermath of an attack.

==== Sensors ====

Darktrace’s cybersecurity products utilize sensors placed within the enterprise’s digital infrastructure – these sensors can be delivered physically (using an appliance) or virtually (in software).

Darktrace has two primary distribution centers for its physical appliances: one based at its HQ in Cambridge, which focuses on shipments outside of Europe, and the other in Dublin, which focuses on shipments throughout Europe. The physical appliances use standard components that are built into server units by Darktrace suppliers at its distribution sites. Darktrace receives pre-built server units and will then load software onto the appliance, including customer-specific pre-configurations. Each Darktrace physical appliance is encoded such that it can only be used in conjunction with Darktrace products. The company can prepare hundreds of appliances a day that are ready to be shipped to customer sites. In some regions, Darktrace utilizes channel partners for onward transport and installation of the appliances. In addition, Darktrace has its own technical team (including cyber technicians and engineers) who will perform site visits and installations, where possible.