Open main menu
Home
Random
Donate
Recent changes
Special pages
Community portal
Preferences
About Stockhub
Disclaimers
Search
User menu
Talk
Contributions
Create account
Log in
Editing
Darktrace
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Company Overview == Darktrace is a provider of proactive, AI-led threat detection and response security solutions covering on-premises network, cloud, SaaS, email, endpoints and Industrial IoT/OT environments. Darktrace’s threat detection and response approach assumes that cyber threats will succeed in breaching the organization (unlike perimeter defence technologies that seek to prevent threats from entering the organization’s digital estate) and detects and responds to these threats from within the enterprise. Darktrace does not rely on historical signatures-based detection / rules-based response playbook; instead, its technology aims to learn the ‘patterns of life’ for an enterprise (using unsupervised machine learning), creating a constantly evolving baseline for ‘normal’ behavior, and detects & responds to deviations from the normal. By learning the organization’s ‘self’, Darktrace’s approach promises to weed out subtle, previously unseen patterns and emerging threats that would otherwise go unnoticed. Darktrace was founded in Cambridge, UK, in 2013. Today, Darktrace serves >6.5k customers (across all industries, from providers of critical public services such as healthcare and energy through to banks, retailers and manufacturers) in over 110 countries and has more than 1.7k employees globally. === Product overview === Darktrace’s cyber AI platform provides coverage across an enterprise’s network (on- premises, cloud and SaaS), email and endpoints. Further, Darktrace will roll out solutions tackling preventative security and remediation/healing post attacks as part of its continuous AI security loop. Given its breadth of offerings and platform approach, Darktrace does not fit neatly into any particular cybersecurity sub- segment. The use-cases targeted by Darktrace’s product overlap with NDR (Network Detection and Response), XDR (eXtended Detection and Response), EDR (Endpoint Detection and Response) and SIEM (Security Incident and Event Management) solutions. Darktrace’s self-learning technology underpins its Cyber AI platform which includes the following core product families: * Immune System (Detection): This product forms the basis of Darktrace’s “detection” offering. Darktrace offers two variations of the Immune System – the Enterprise Immune System and the Industrial Immune System (for OT environments). The Immune System learns from the organization’s data (from across cloud, SaaS, networks, client devices, industrial/IoT and email) to form a bespoke and constantly evolving understanding of a business’s digital environment. Darktrace creates this bespoke model of normal behavior for an organization by monitoring and analyzing network traffic across the organization’s digital estate. To monitor and analyze on-premises network traffic, Darktrace will deploy a physical device (appliance) that ingests real-time network traffic via a SPAN port or network tap. Darktrace’s vSensors (and OS-sensors) provide visibility into traffic between virtual machines in cloud deployments (these virtual sensors in turn feed network traffic data to a master appliance, either located on-premises or cloud-hosted, to create a holistic picture of an organization’s activity). Similarly, for endpoints, Darktrace’s cSensors provide visibility into and map the behavior of endpoints that are off the VPN. Darktrace Immune System integrates with other security tools via an open and extensible architecture, enabling ingestion of new forms of telemetry from other security tools (such as firewalls and EDRs). * Antigena (Response): The Antigena product family forms the basis of Darktrace’s autonomous response capabilities. The Antigena product works in two modes, i.e. the autonomous mode and the human confirmation mode. In autonomous mode, Antigena automatically takes action against a flagged attack to enforce normal business operations (e.g. by interrupting connections via TCP resets and integrations with other point security solutions such as network access control, firewalls or EDR tools); in the human confirmation mode, the customer must decide manually how to respond to the flagged attack. Beyond the enterprise network (Antigena for Network), Darktrace’s offerings also include coverage for email (Antigena Email) and endpoints (Antigena for Endpoint). * Cyber AI analyst (Investigation): This product offering is aimed at augmenting the capabilities of cybersecurity analyst teams by automating threat investigation at machine speed. Cyber AI analyst automatically triages, interprets and reports on security incidents. Darktrace claims that Cyber AI analyst reduces triage time by up to 92%. Cyber AI analyst can also be integrated with tools across an enterprise’s security stack, allowing investigations to be triggered based on telemetry data from security tools such as CrowdStrike or Carbon Black. The incident reports generated by Cyber AI analyst can be exported to an SIEM, SOAR or ticketing system. * ‘Prevent’ and ‘Heal’ product families to round out the continuous AI security loop: In addition to the detection, response and investigation capabilities offered through the above product families, Darktrace is trialing (with early adopters) proactive security technology via its ‘Prevent’ product family. The idea underpinning the Prevent product suite is to identify and strengthen vulnerable attack pathways (which lead to key assets). The company plans to roll out its Prevent product suite more broadly to customers by mid-CY22. Darktrace announced the acquisition (first since inception) of Cybersprint, an attack surface management company that brings an ‘outside-in’ view of an organization’s security posture (complementing Darktrace’s ‘inside-out’ view of the organization) to eliminate blind spots and detect risks. Darktrace will pay €47.5m for Cybersprint, corresponding to 12.5x ARR – the amount will be paid approx. 75% in cash and 25% in equity. An attack surface is essentially the sum total of an organization’s assets (hardware, software, cloud, SaaS) that store, process or transmit sensitive data. Attack surface management involves the discovery, inventory, prioritization and security monitoring of an organization’s internet- exposed assets. The acquisition of Cybersprint complements Darktrace’s foray into proactive cyber security (with the ‘Prevent’ product suite). Darktrace highlighted that Attack Surface Management will be available as a new module in the Prevent product family. In addition to Detect, Respond, Investigate and Prevent product families, Darktrace is researching AI-driven healing as a means to aid human teams in the remediation process in the aftermath of an attack. ==== Sensors ==== Darktrace’s cybersecurity products utilize sensors placed within the enterprise’s digital infrastructure – these sensors can be delivered physically (using an appliance) or virtually (in software). Darktrace has two primary distribution centers for its physical appliances: one based at its HQ in Cambridge, which focuses on shipments outside of Europe and the other in Dublin, which focuses on shipments throughout Europe. The physical appliances use standard components that are built into server units by Darktrace suppliers at its distribution sites. Darktrace receives pre-built server units and will then load software onto the appliance, including customer specific pre-configurations. Each Darktrace physical appliance is encoded such that it can only be used in conjunction with Darktrace products. The company can prepare hundreds of appliances a day that are ready to be shipped to customer sites. In some regions, Darktrace utilizes channel partners for onward transport and installation of the appliances. In addition, Darktrace has its own technical team (including cyber technicians and engineers) who will perform site visits and installations, where possible. === Customer base === Darktrace’s customer base has expanded from 1,659 in 2018 (period ending in Jun- 18) to 6,531 as of Dec-21 (growing 40% YoY during 1H22), with products deployed in more than 110 countries. The customers span all industries and sizes – Financial Services, Darktrace’s biggest industry vertical by number of customers, represented 19% of total customers as of Feb-21. No single customer accounted for more than 10% of revenue in 1H22, 2021 and 2020. By geography (based on contractual location), US and Canada account for the biggest portion of total revenue (38% in 1H22, of which US was 34%), followed by Europe (24%), UK (17%) and Rest of the World (21%). Some Darktrace customers include City of Las Vegas, FarFetch, McLaren Group, Micron, Samsung, Ted Baker, Kohl’s, Coca Cola, NHS, Serco, Funding Circle, etc. '''Figure 4: Customer split % (by volume) by industry vertical (as of Feb-21)'''<ref name=":2">Source: Company data.</ref> [[File:Figure 4.png]] '''Figure 5: Period-end number of customers<ref>Source: Company data; FY ends in Jun.</ref>''' [[File:Figure 5.png]] '''Figure 6: Revenue split by geography (%)<ref>Source: Company data; revenue from customers has been attributed to the geographic market based on contractual location; FY ends in Jun.</ref>''' [[File:Figure 6.png]] ==== Churn ==== The majority of Darktrace customers fall in the SMB/mid-market category, with ~85% of customers with contract size up to $100k in ARR. This portion has remained fairly consistent in recent years. Customers with contract size less than $100k in ARR contributed 51% of total ARR during 1H22. The company has demonstrated a track record of driving higher platform adoption across new and existing customers. The portion of customers purchasing more than one product has increased from 47% in 2019 to 88% in 1H22 (with the portion of customers purchasing four or more products (out of a possible 10 currently) rising from 5% in 2019 to 43% in 1H22). The majority of Darktrace customers buy multiple products at the initial point of purchase. '''Figure 7: Customer split by contract ARR size<ref>Source: Company data; FY ends in Jun.</ref>''' [[File:Figure 7.png]] '''Figure 8: % of customers using more than one Darktrace product<ref>Source: Company data; FY ends in Jun.</ref>''' [[File:Figure 8.png]] Darktrace reported 1-year gross ARR churn of 6.4% as of end-1H22 (six-month period ending in Dec-21) vs. 7.6% exiting Jun-21. As expected, Darktrace sees higher churn among customers with contract size less than $100k in ARR. Darktrace’s 1-yr gross ARR churn is higher compared to other cybersecurity vendors (such as Crowdstrike, which reported 1-yr gross ARR churn of ~2% in FY21) given its SMB/mid-market heavy customer base. Darktrace reported net ARR retention rate of 105.1% in 1H22 (increasing from 99.1% in 2020 and 102.9% in 2021) – the increase in net ARR retention rate is a function of higher product upsell/cross-sell and stabilizing churn. Darktrace is investing in its customer success function, which should help stabilize churn and drive higher upsells/cross-sells at the point of renewal. That said, given the SMB/mid-market heavy customer base (which is characterized by higher churn compared to larger enterprise customers) and multiple products purchased at the initial point of sale (which limits the scope of cross-sells), Darktrace does not expect to see a significant improvement in net ARR retention rate going forward (the improvement, if any, is likely to be more gradual). '''Figure 9: Period-end 1-year gross ARR churn (%)<ref>Source: Company data; one-year gross ARR churn rate is defined as the ARR value of customers lost from the existing customer cohort one year prior to the measurement date, divided by the total ARR value of that existing customer cohort (this metric reflects only customer losses and does not reflect expansions or contractions); FY ends in Jun.</ref>''' [[File:Figure 9.png]] '''Figure 10: Period-end net ARR retention rate (%)<ref>Source: Company data; net ARR retention rate is defined as the current ARR value for all customers that were customers one year prior to the measurement date, divided by their ARR one year prior to the measurement date (this metric reflects customer losses, expansions and contractions); FY ends in Jun.</ref>''' [[File:Figure 10.png]] === Go-to-market === Darktrace sees its offerings as complementary to an enterprise’s existing security investments. The company sees a large greenfield opportunity for its products (a potential addressable customer base of >150k across industries) – accordingly, Darktrace remains focused on acquiring new customers and driving high platform adoption at the initial point of purchase. Darktrace’s lead generation comes from different sources including: * Inside sales; * Marketing events; * Partner channel; * Self-prospecting; * Inbound enquiries. Post lead generation, Darktrace primarily relies on ‘highly replicable and scalable’ POV (Proof of Value) trials of its technology to acquire new customers. The POV trials require minimal set-up and scoping and allow a potential new customer to evaluate Darktrace’s Cyber AI platform on its own digital estate free of charge. The trials typically run over a 30-day period. Darktrace notes that its Cyber AI platform detects serious threats that other security tools have missed in 77% of POV trials – according to Darktrace, this drives a high conversion rate post trials. The figure below summarizes Darktrace’s POV playbook – the company highlights that the average length of the sales cycle from session 1 to contract completion is 84 days. Given Darktrace’s strategic focus on acquiring new customers, its ARR growth is dependent on the scaling of its POV trials. This in turn is dependent on hiring of new account executives (AEs). Darktrace has indicated that ~24% of its POVs were generated exclusively by its inside sales team. The inside sales teams are incentivized based on the number of qualified meetings booked as % of closed deals. Around 28% of Darktrace’s POVs come from the partner channel. '''Figure 11: Snapshot of Darktrace's POV-led sales cycle'''<ref name=":2" />'''<br />'''[[File:20220407 JP Morgan DARK-LN Darktrace- Path to sustainable profitable growth unclear Page 17 Image 0002.png]] Darktrace sells its platform both directly to customers and through its channel partners (including resellers and managed security service providers). A majority of Darktrace’s sales (~65%) are generated via its direct sales personnel. ==== Direct sales ==== Darktrace’s approach to building its direct sales team relies on hiring and training fresh graduates from universities (Darktrace does not hire tenured enterprise salespeople). New account executives hired by Darktrace deliver first POV and sales in their third and fifth months of employment, respectively. Thus, Darktrace considers a salesperson to be productive only in their fifth month of employment. The salesperson is subject to quotas and targets that scale with the duration of employment. The incentive structure for salespeople includes a formal commission on sales (including uncapped commission on new deals, upsells and renewals). Approx. 50% of the commission is paid on accepted bookings and approx. 50% upon successful account management, over the first year. ==== Channel partners ==== Darktrace sees its partner channel primarily as a source of lead generation, rather than a channel to offload services/implementation, as Darktrace’s technology is relatively easy to set up, according to the company. Darktrace’s partners consist of value-added resellers, managed security service providers and technology partners that offer solutions complementary to Darktrace’s offering. Darktrace has more than 370 active channel partners including Atos, BT, Reply, SHI, Bytes, Computacenter, Eurofins, Telstra, Sis, Nth Generation and ConvergeOne. Darktrace does not rely on any single partner for a significant portion of its sales, with its largest partner accounting for ~2% of 1H21 sales. In terms of commercial arrangement, Darktrace works with its channel partners on a margin sharing basis (5-30%, depending on the involvement in the deal).
Summary:
Please note that all contributions to Stockhub may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Stockhub:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)