Self-Learning AI for Modern Cloud Infrastructure

Darktrace DETECT + RESPOND/Cloud

Darktrace/Cloud learns what makes your cloud environment unique, building an understanding of every user, instance, and container and how they interact. With this evolving knowledge, it can detect and respond to the advanced threats that others miss.
Darktrace DETECT/Cloud (Self-Learning AI, Cyber AI Analyst)
- Detects abnormalities
- Analyzes for risk and context
- Conducts autonomous investigations at scale
Darktrace RESPOND/Cloud (Self-Learning AI, Autonomous Response, Cyber AI Analyst)
- Responds to threats autonomously in seconds
- Actively integrates with the security stack
- Supports human intervention in decision making
Darktrace DETECT™/Cloud: Understanding normal
Deployed passively, analyzing every connection.
Darktrace DETECT extracts hundreds of metrics from the raw data it receives from all of your cloud platforms. Which data packets you capture is up to you: security teams can choose to take in all traffic to spot threats, while network engineers home in on specific issues with packet filters and flexible configurations.
Raw datapoints (extracted directly from cloud connections):
- Source port
- Destination port
- Application protocol
- SMB version
- ...

Darktrace-enriched datapoints (mathematically and AI-enhanced data features):
- Suspicious read/write ratio?
- Unusual connectivity for this device?
- Potential network scanning?
- Irregular beaconing behavior?
- ...
These cloud metrics, drawn from all of your cloud environments, are analyzed against AI models of varying importance and weight, all of which are self-determined for each organization as more data is observed.
All context considered, Darktrace DETECT asks: is this behavior normal?
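As an added illustration (not Darktrace's code, and not a description of its actual models), the following Python sketch shows the shape of the pipeline the page describes: raw connection records are turned into enriched datapoints such as a write/read ratio, unusual connectivity, a port-sweep count and beaconing regularity, which are then weighted into a single "is this normal?" verdict per device. The record layout, the feature definitions, the weights and the sample traffic are all assumptions constructed for the example.

```python
# Added toy model of the DETECT pipeline (not Darktrace code): the record
# layout, feature definitions, weights and sample traffic are all assumptions.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Conn:
    ts: float       # time the connection opened, seconds
    src: str        # device / instance that opened it
    dst: str        # remote host
    dport: int      # destination port
    proto: str      # application protocol ("postgres", "https", ...)
    bytes_in: int   # bytes the device read
    bytes_out: int  # bytes the device wrote

def write_read_ratio(c):
    # A device that suddenly writes far more than it reads is a classic
    # exfiltration signal; +1 keeps read-only flows from dividing by zero.
    return c.bytes_out / (c.bytes_in + 1)

def learn_baseline(conns):
    """Per-device pattern of life learned from an observation period."""
    seen = defaultdict(lambda: {"dsts": set(), "ratios": []})
    for c in conns:
        seen[c.src]["dsts"].add(c.dst)
        seen[c.src]["ratios"].append(write_read_ratio(c))
    return {d: {"dsts": v["dsts"], "ratio": mean(v["ratios"])} for d, v in seen.items()}

def regularity(timestamps):
    """1.0 = perfectly periodic contact, 0.0 = no discernible period."""
    if len(timestamps) < 4:
        return 0.0
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return max(0.0, 1.0 - pstdev(gaps) / avg) if avg else 0.0   # 1 - coefficient of variation

def enrich(device, window, baseline):
    """Enriched datapoints for one device over a window of connections."""
    mine = [c for c in window if c.src == device]
    known = baseline.get(device, {"dsts": set(), "ratio": 1.0})
    ports_per_dst, ts_per_new_dst = defaultdict(set), defaultdict(list)
    for c in mine:
        ports_per_dst[c.dst].add(c.dport)
        if c.dst not in known["dsts"]:
            ts_per_new_dst[c.dst].append(c.ts)
    new_conns = sum(len(t) for t in ts_per_new_dst.values())
    return {
        # share of connections to hosts this device has never talked to
        "unusual_connectivity": new_conns / len(mine),
        # most distinct ports touched on a single host (port sweep)
        "potential_scanning": max(len(p) for p in ports_per_dst.values()),
        # periodic contact with a previously unseen host
        "beaconing": max((regularity(t) for t in ts_per_new_dst.values()), default=0.0),
        # this window's write/read ratio relative to the learned one
        "ratio_shift": mean(write_read_ratio(c) for c in mine) / (known["ratio"] or 1.0),
    }

# Weights are assumed for the example; the page says a real deployment
# self-determines importance and weight per organisation.
WEIGHTS = {"unusual_connectivity": 0.35, "potential_scanning": 0.25,
           "beaconing": 0.20, "ratio_shift": 0.20}

def anomaly_score(feat):
    """Squash each feature to 0..1, then combine with the weights."""
    squashed = {
        "unusual_connectivity": feat["unusual_connectivity"],
        "potential_scanning": min(1.0, feat["potential_scanning"] / 10),
        "beaconing": feat["beaconing"],
        "ratio_shift": min(1.0, max(0.0, feat["ratio_shift"] - 1) / 9),
    }
    return sum(WEIGHTS[k] * v for k, v in squashed.items())

def review(window, baseline, threshold=0.3):
    """Answer 'is this behaviour normal?' for every device active in the window."""
    verdicts = {}
    for device in sorted({c.src for c in window}):
        feat = enrich(device, window, baseline)
        score = anomaly_score(feat)
        verdicts[device] = {"score": round(score, 3), "normal": score < threshold, **feat}
    return verdicts

# Constructed sample traffic (not real data). Observation hour: web-1 reads from
# its database and cache, build-2 pulls from a repo, jump-3 ships syslog.
BASELINE = learn_baseline(
    [Conn(t, "web-1", "db-1", 5432, "postgres", 50_000, 2_000) for t in range(0, 3600, 60)]
    + [Conn(t + 7, "web-1", "cache-1", 6379, "redis", 8_000, 1_000) for t in range(0, 3600, 60)]
    + [Conn(t, "build-2", "repo-1", 443, "https", 20_000, 1_500) for t in range(0, 3600, 90)]
    + [Conn(t, "jump-3", "log-1", 514, "syslog", 100, 900) for t in range(0, 3600, 300)])

# Later window: build-2 is unchanged; web-1 still talks to db-1 but also pushes data
# every 30 s to an unknown host; jump-3 sweeps 30 ports on one internal host.
WINDOW = (
    [Conn(7200 + t, "build-2", "repo-1", 443, "https", 20_000, 1_500) for t in range(0, 450, 90)]
    + [Conn(7200 + t, "web-1", "db-1", 5432, "postgres", 48_000, 2_100) for t in range(0, 600, 60)]
    + [Conn(7200 + t, "web-1", "203.0.113.9", 443, "https", 500, 40_000) for t in range(0, 600, 30)]
    + [Conn(7200 + 2 * i + i * i % 5, "jump-3", "10.0.0.5", 20 + i, "-", 0, 60) for i in range(30)])

if __name__ == "__main__":
    for device, v in review(WINDOW, BASELINE).items():
        print(f"{device}: {'normal' if v['normal'] else 'ABNORMAL'} score={v['score']}")
```

Running it flags web-1 (new destination, perfectly periodic contact, write/read ratio hundreds of times its baseline) and jump-3 (thirty distinct ports on one host) while build-2 stays normal; the point is that none of the raw fields alone carries the signal, the enriched features and their weighting do.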
(Diagram: the same raw and enriched datapoints shown again, each weighted for the behavior under review, for example "Unusual connectivity for this device?" weighted High while other datapoints are weighted Low.)
DETECT then communicates its detections to RESPOND, which determines the right counter to the threat, for example: no action necessary, or rewrite the suspicious link.
Understandable events: complex math, simple output
Darktrace DETECT outputs intuitive and easy-to-understand alerts, reducing time-to-meaning for security teams.
DETECT → MITRE: Darktrace MITRE mapping
Darktrace DETECT models are automatically mapped to the MITRE ATT&CK framework within the Darktrace user interface.
Ready for your future.
Darktrace/Cloud grows with you, adapting to each new change in your business.

No tweaking and tuning required.

Quickly configure and expand coverage of your environment with automation tools. Darktrace offers an AWS CloudFormation Quickstart and an Azure ARM Quickstart to provide you with autoscaling, and its osSensors are designed to scale easily as new instances are spun up.
Darktrace RESPOND™/Cloud: Autonomous response in the cloud
An instant, targeted response to cloud attacks.
Of the millions of connections made each day, the unusual events identified by Darktrace DETECT are further analyzed by Darktrace RESPOND.

Darktrace RESPOND takes in these events and combines them with the overall context of the environment, as well as human guide-rails, to determine in milliseconds the best possible response.
Darktrace RESPOND has a range of actions it can take to cut cloud attacks short. And crucially, it knows which to take, and where to take them.
RESPOND actions:
- No action necessary
- Block specific connections: Darktrace/Cloud identifies the specific external connections attempting data exfiltration and interrupts them. Benign connections are undisturbed.
- Enforce custom business priorities
- Enforce device's pattern of life: enforcing a device's pattern of life is a precise and non-disruptive way to stop a threat. By taking this action, Darktrace/Cloud reverts data flows back to what is healthy and normal for the business, and prevents further attack stages from being carried out.
- Enforce group pattern of life
- Block all outgoing traffic
- Block all incoming traffic
- Block all traffic
And in reality, these can translate into an infinite number of actions, all determined and taken on the spot:
- No action necessary
- Block connections to 10.100.1.1 over port 437
- Block encrypted connections to 192.168.37.18
- Block RDP connections to 10.115.1.3
- Block connections over port 45 for 1 hour
- Block incoming connections to 10.100.1.4
- Terminate instance XYZ
- ...

All in real time.

Cyber-attacks move faster in the cloud.

The speed and efficiency the cloud offers is also a lure for attackers. It takes seconds for an attacker with the right access key to begin scaling up instances to mine crypto... but Darktrace RESPOND stops them instantly.


Yours to own: fully configurable and customizable
Darktrace RESPOND operates within the parameters you tell it to. Only on certain devices? At certain times of day? In response only to certain events?

You set the guide-rails. Then let the AI do the heavy lifting.
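As an added illustration of the action list and the guide-rails described above (example code, not Darktrace's), the Python sketch below maps a detection to the narrowest action on an escalation ladder, gives every block a one-hour expiry in the spirit of the "for 1 hour" action above, and refuses to act autonomously on devices, event kinds or hours outside the operator's configured guide-rails. The action verbs, the rule schema and the sample detections are assumptions made for the example.

```python
# Added toy policy engine for the RESPOND behaviour on this page (not
# Darktrace code); verbs, rule schema and sample detections are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Detection:
    device: str
    kind: str           # e.g. "exfiltration", "scanning", "beaconing"
    remote: str         # remote host involved
    port: int
    at: datetime        # when DETECT raised it (UTC)

@dataclass(frozen=True)
class Action:
    device: str
    verb: str           # "none", "block_connection", "enforce_pattern_of_life", "block_outgoing"
    scope: str          # what exactly is affected, or why no action was taken
    expires: Optional[datetime]

@dataclass
class GuardRails:
    """The operator's guide-rails (schema assumed for the example)."""
    allowed_devices: set = field(default_factory=set)    # empty = any device
    protected_devices: set = field(default_factory=set)  # never act here without a human
    allowed_kinds: set = field(default_factory=set)      # empty = any event kind
    active_hours: tuple = (0, 24)                        # UTC hours [start, end) RESPOND may act in
    block_ttl: timedelta = timedelta(hours=1)            # every block expires on its own

# Escalation ladder per event kind, narrowest action first (assumed verbs).
LADDER = {
    "scanning": ("block_connection", "enforce_pattern_of_life"),
    "beaconing": ("block_connection", "enforce_pattern_of_life"),
    "exfiltration": ("block_connection", "enforce_pattern_of_life", "block_outgoing"),
}

def blocked_reason(det: Detection, rails: GuardRails) -> Optional[str]:
    """Return None if RESPOND may act autonomously, else why it must defer to a human."""
    if det.device in rails.protected_devices:
        return "protected device: human decision required"
    if rails.allowed_devices and det.device not in rails.allowed_devices:
        return "device outside RESPOND scope"
    if rails.allowed_kinds and det.kind not in rails.allowed_kinds:
        return "event kind outside RESPOND scope"
    start, end = rails.active_hours
    if not start <= det.at.hour < end:
        return "outside active hours"
    return None

class Responder:
    def __init__(self, rails: GuardRails):
        self.rails = rails
        self.active = []     # actions currently enforced
        self.strikes = {}    # (device, kind) -> how many times we have already acted

    def prune(self, now: datetime):
        """Drop expired actions so a block never outlives its TTL."""
        self.active = [a for a in self.active if a.expires is None or a.expires > now]

    def handle(self, det: Detection) -> Action:
        self.prune(det.at)
        reason = blocked_reason(det, self.rails)
        if reason:
            return Action(det.device, "none", reason, None)
        ladder = LADDER.get(det.kind, ("block_connection",))
        key = (det.device, det.kind)
        rung = min(self.strikes.get(key, 0), len(ladder) - 1)   # escalate on repeats
        self.strikes[key] = rung + 1
        verb = ladder[rung]
        scope = {
            "block_connection": f"{det.remote}:{det.port} only",   # benign traffic untouched
            "enforce_pattern_of_life": "revert to learned pattern of life",
            "block_outgoing": "all outgoing traffic",
        }[verb]
        action = Action(det.device, verb, scope, det.at + self.rails.block_ttl)
        self.active.append(action)
        return action

def demo():
    """Constructed scenario: repeated exfiltration from web-1, plus detections the rails exclude."""
    t0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    rails = GuardRails(allowed_devices={"web-1", "jump-3"}, protected_devices={"db-1"},
                       active_hours=(8, 18))
    r = Responder(rails)
    events = [
        Detection("web-1", "exfiltration", "203.0.113.9", 443, t0),
        Detection("web-1", "exfiltration", "203.0.113.9", 443, t0 + timedelta(minutes=5)),
        Detection("web-1", "exfiltration", "203.0.113.9", 443, t0 + timedelta(minutes=10)),
        Detection("db-1", "scanning", "10.0.0.5", 445, t0 + timedelta(minutes=15)),
        Detection("build-2", "scanning", "10.0.0.5", 445, t0 + timedelta(minutes=16)),
        Detection("jump-3", "scanning", "10.0.0.5", 445, t0 + timedelta(hours=12)),  # 22:00
    ]
    actions = [r.handle(e) for e in events]
    return actions, r.active   # by 22:00 every morning block has expired, so nothing is active

if __name__ == "__main__":
    for a in demo()[0]:
        print(a.device, a.verb, a.scope, a.expires)
```

The first three detections walk up the ladder from a single connection block to enforcing the pattern of life and finally blocking all outgoing traffic; the protected database, the out-of-scope build host and the after-hours event all come back as "none" with the reason recorded, which is the human-in-the-loop behaviour the guide-rails are meant to give you.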
Slips AI into existing workflows: integrates with existing tools

Action can be taken independently or via integrations with native security controls, maximizing the return on other security investments.

Alerts are sent wherever you want them.
Stay in the loop with the Darktrace Mobile App
Full oversight of Darktrace RESPOND's actions is provided through Darktrace's Threat Visualizer interface and via the Darktrace Mobile App.
A use case for everything: the right approach can handle anything

Cyber AI Analyst

Darktrace's Cyber AI Analyst investigates every output of Darktrace DETECT to reveal the wider incident, giving you all the details you need in just one click.
Combines human expertise with the speed and scale of AI
AI Analyst is trained on an ever-growing data set of expert cyber analysts. By observing and then replicating their behavior, the technology thinks like a human investigator: asking questions, testing hypotheses, reaching conclusions.
Cuts through the noise
As a result, it can perform the heavy lifting on behalf of human teams, connecting the dots between dozens of singular events and reducing them to a handful of high priority incidents for human review.
Augments your team
AI Analyst reduces triage time by an average of 92%. This allows your security team to spend their time on strategic tasks rather than reactive fire-fighting.
The end result? AI-generated incident reports that anyone can understand, from your board to your newest starter.