CLOUD COLLABORATION APP PROTECTION

Darktrace DETECT + RESPOND/Apps

Darktrace/Apps builds an evolving understanding of you to detect and respond to anomalous behavior in cloud applications.
DaRKTRACE
DETECT
/
Apps
Self-Learning AI
Detects abnormalities
Analyzes for risk and context
Conducts autonomous investigations at scale
Cyber AI Analyst
DaRKTRACE
RESPOND
/
Apps
Self-Learning AI
Autonomous Response
Cyber AI Analyst
  • Responds to threats autonomously in seconds
  • Actively integrates with security stack
  • Supports human intervention in decision making
SEAMLESS INTEGRATION
Connecting to all apps, via API
Darktrace interacts directly with the SaaS vendor to understand activity within that cloud service.
DARKTRACE
DETECT
TM
/
Apps
UNDERSTANDING NORMAL
Deployed passively.
Analyzing every user event.
Asking millions of questions.
Darktrace/Apps detects threats using AI algorithms that make millions of calculations from real-time data. By correlating subtle anomalies, Darktrace DETECT can distinguish sophisticated threats from benign activity in your SaaS applications.
All context considered, is the user's activity normal?
And issues the perfect counter response for the threat.
Raw Datapoints
Extracted directly from cloud applications
Login
Failed login
Resource viewed or modified
File uploaded
File downloaded
Resource created
. . .
Darktrace-Enriched Datapoints
Mathematically & AI-enhanced data features
Is this actually this user?
Does this location match expectations?
Has this user changed their credentials?
Does the user usually log in from this device?
Is this time unusual for the user? The company?
Do any other users log in from this country?
. . .
Understandable events
Complex math,
simple output
Darktrace DETECT outputs intuitive and easy-to-understand alerts, reducing time-to-meaning for security teams.
DETECT → MITRE
Darktrace MITRE Mapping
Darktrace DETECT models are automatically mapped to the MITRE attacks & techniques within the user interface when activity is detected
See Darktrace DETECT/Apps in your own environment. Get a demo.
Ready for your collaboration
Scales to your business needs.

One-click integrations and rapid, remote deployment makes it easy for you to add and remove SaaS applications covered by Darktrace. The frequency of Darktrace’s queries can be adjusted in consideration of any other applications that may also use HTTPS requests.
DARKTRACE
RESPOND
TM
/
Apps
Autonomous Response for SaaS
It’s all about precision.
When a threat is detected with high confidence, Darktrace RESPOND/Apps takes action in near real time to stop an attacker or malicious insider in their tracks.

Darktrace RESPOND takes proportionate action to ensure the threat is neutralized in the least disruptive way possible.
Darktrace RESPOND/Apps can take a range of actions, according to the nature of the threat.
No action necessary
Block specific connections
Restrict a user from select applications
Restrict file sharing settings for certain folders
Logout user
End a user's active sessions
...
A deeper dive into RESPOND actions:
Block Specific Connections

Darktrace RESPOND/Apps identifies the specific, external connections attempting data exfiltration, and interrupts them. Benign connections are undisturbed.

Remove a user from select applications

Darktrace RESPOND/Apps can force a user logout only on selected applications where they appear to be compromised.

Restrict File Sharing Settings

In the event of a suspicious upload of data to an internet server, Darktrace RESPOND/Apps can temporarily restrict file sharing for specific files, folders, or users.

End User's Active Sessions

In cases of a high-confidence account takeover, Darktrace RESPOND/Apps will end a user's active sessions across all devices.

Fully configurable and customizable

Darktrace RESPOND operates within the parameters you tell it to.

Only on certain devices? At certain times of day? In response to certain events?

You set the guide-rails. Then let the AI do the heavy lifting.

A use case for everything
The right approach can handle anything
ENHANCE existing workflows

One-click integrations

Darktrace/Apps integrates seamlessly with all
major cloud applications.
Explore /Apps integrations
Stay in the loop with the Darktrace Mobile App
Full oversight of Darktrace RESPOND's actions is provided through Darktrace’s Threat Visualizer interface, and via the Darktrace
Mobile App.
Download on:

Cyber AI Analyst

Darktrace's Cyber AI Analyst investigates every output of Darktrace DETECT to reveal the wider incident, giving you all the details you need in just one click.
Combines human expertise with the speed and scale of AI
AI Analyst is trained on an ever-growing data set of expert cyber analysts. By observing and then replicating their behavior, the technology thinks like a human investigator: asking questions, testing hypotheses, reaching conclusions.
Cuts through the noise
As a result, it can perform the heavy lifting on behalf of human teams, connecting the dots between dozens of singular events and reducing them to a handful of high priority incidents for human review.
Augments your team
AI Analyst reduces triage time by an average of 92%. This allows your security team to spend their time on strategic tasks rather than reactive fire-fighting.
The end result?
AI-generated incident reports that
anyone can understand
From your board, to your newest starter.