Darktrace was founded in 2013 and has its headquarters in Cambridge, United Kingdom. They currently support over 5,500 customers and offices in more than 110 countries, specializing in providing complex machine learning and AI solutions. Their solutions include Autonomous Response, Intelligence Augmentation and Self-learning AI. In 2017 and 2019 Darktrace’s software engineering team received the MacRobert Award for prestigious innovation from the Royal Academy of Engineering. The company has also received "AI Cyber Product of the Year" at the National Cyber Awards 2021. Darktrace Immune System won in the Threat Detection category at the Fortress Cyber Security Awards 2021 and "Best Enterprise Security Solution (Cyber AI Analyst)" at the SC Awards 2021.
Author: Netify Research Team
Darktrace specialize in advanced machine learning and AI solutions that are designed to complement an existing comprehensive cybersecurity perimeter. Their Self-Learning technology is predicted to offer a high return on investment, due to its ability to become increasingly efficient with each threat exposure. However, although based on machine learning and AI, the solution is not a complete replacement for clients’ security teams; instead, it complements existing IT teams. As such, this solution should be utilized by enterprises in industries that face a high threat level of sophisticated cyberattacks or regular and frequent “en masse” attacks.
List of the pros and cons associated with Darktrace Cybersecurity.
Consider the points below to compare Darktrace vs ExtraHop vs FireEye Cybersecurity.
Darktrace is best known for their AI technologies. Self-Learning AI was developed in Cambridge in 2013 and powers a majority of Darktrace’s solutions. The technology can be applied to any business system (such as email or in the cloud), removing the need for data migration. It works by creating a deep understanding of all business environments - the more complex, the better, as data collected from a variety of users, devices and environments can be used to create a deeper understanding. Self-Learning AI is also able to implement autonomous response, with the ability to react to and interrupt cyber attacks in less than a minute. In some instances, the technology is capable of reacting to threats without requiring human intervention.
Darktrace Autonomous Response is powered by Self-Learning AI. The solution is designed to automatically know what action to take in the event of an attack in order to contain it. A variety of environments can be secured, including cloud, SaaS, email and the corporate network.
Darktrace Self-Learning AI powers Autonomous Response by constantly updating its knowledge of a company’s digital infrastructure to improve response precision, enforcing ‘pattern of life’ on infected devices/entities. The solution contains a variety of ransomware technologies:
Darktrace Intelligence Augmentation is designed to complement a human IT security team by investigating facets of attacks. The technology mimics human intuition by combining multiple information sources in order to prioritize workloads whilst carrying out threat investigations in real-time. The solution was developed over three years by studying the way security analysts react to output from Darktrace’s Self-Learning AI, in order to understand how security experts follow leads and create hypotheses.
Darktrace Intelligence Augmentation sits on top of Self-Learning AI and provides a second layer of AI leveraging supervised machine learning to assess the output of the findings. These findings can be presented in any language as required using Natural Language Processing to summarize key information which reduces time to meaning and time to response.
AI Process of Investigation:
1). A lead is generated - this could be a single alert or event.
2). The lead kickstarts the investigation and the AI generates hypotheses to understand the nature of the possible threat and underlying cause.
3). Data is queried in an attempt to refine, confirm or deny the hypotheses using custom algorithms.
4). The process repeats until as in-depth and accurate a description as possible is generated of the nature and root cause of the incident.
Darktrace for Cloud is Darktrace’s cloud security solution. Leveraging Self-Learning AI for hybrid and multi-cloud environments, the technology is compatible with Azure, AWS and Google Cloud providers. The solution learns ‘patterns of life’ for users, devices, instances and containers from the start, which allows it to respond efficiently to random and unknown cyber attacks.
The solution is agnostic to different data forms and continuously revises its understanding of normal behaviors across multiple cloud workloads in real-time. Response times are quick, offering efficient targeted action whilst leveraging the Darktrace Immune System for protection across all business environments (cloud, email, SaaS, endpoints, the corporate network, OT and IoT). An example of how this is deployed in Cloud Security is that AI can match up suspicious activity on a user’s Office 365 account with a linked AWS login - Darktrace will understand that an account takeover has occurred and begin automatically remedying the situation.
Darktrace is commonly used to detect:
Darktrace supports remote users with their Cyber AI solution. Powered by Self-Learning AI, the technology makes use of triage services and Autonomous Response to continuously update whilst on the job, offering 100% visibility across cloud, email and the corporate network. The solution is able to spot compromised credentials in applications such as Salesforce, Microsoft 365, Box, Google Workspace and more. A number of threats can be prevented using Darktrace, such as data loss (when a user steals, manipulates or leaks critical data), email attacks (spear phishing, social engineering and novel strains of ransomware) and admin abuse (sensitive file access or data destruction).
Darktrace solely offer managed services, offering two different service types both run by Darktrace’s Cyber Analysts and Darktrace Certified Partners. Suitability for each service is chosen based on company size and fit. Further, clients can become part of the ‘Darktrace Community’. This allows them to access intelligence and support from the Cyber Analyst Team.
24/7 Proactive Threat Notification:
Leverages Security Operations Centers (SOCs) in Cambridge, San Francisco and Singapore, run by Darktrace Cyber Analysts to offer information to help clients take action as threats occur. This provides constant coverage of significant incidents identified within the client’s ecosystem as flagged by whatever Darktrace solution is deployed. If an attack is detected, it is labeled as a Proactive Threat Notification (PTN) which ensures that all high-fidelity incidents (warning signs that an attack is currently in progress) are forwarded to a Darktrace SOC. This service is updated constantly to ensure that all high-priority breaches are detected with accuracy and speed. PTN alerts will be triaged if they are deemed to be highly indicative of attack - the decision to triage a PTN is made by a Darktrace Global Cyber Analyst, or, for more complex cases, a senior Level 3 analyst will be required to assess and understand whether the client’s organization is under an immediate attack. If an attack is detected during triage, the client’s team will need to be contacted immediately and offered information on how best to remedy the situation. All fully triaged alerts will be encrypted using a shared key which is emailed to a named distribution list within the client’s organization. Automated telephone calls and/or SMS messages may also be received should a PTN email alert be issued.
24/7 Ask the Expert:
24/7 Ask the Expert (ATE) can be accessed from the Darktrace Threat Visualizer and the Customer Portal. The feature allows clients to send queries direct to a Darktrace Cyber Analyst for expert advice during a real-time threat investigation. Accessible via the Threat Visualizer, clients can drag and drop graphics and traffic flow data into queries. From here, answers to queries are accessible via Help -> View Questions in the drop-down menu, allowing client security teams to collaborate with Darktrace Analysts.
Clients can create an unlimited number of queries via ATE. Sometimes queries will be redirected to internal training or technical operations teams if the query is less analytical and more about software functionality. Although ATE is not a direct chat feature, clients will receive priority access to the SOC if they are facing a real-time attack. The services can be constantly accessed by a standard Call Home connection from a master appliance to the Darktrace Management Center in Cambridge, UK.
Clients can benefit from Darktrace’s Customer Portal, which is an online platform offering clients information about their security environments and allowing them to access product updates and resources from Darktrace security teams. The Portal also includes expert commentary from the Darktrace team of Cyber Analysts, which highlights threat trends, case studies and product functionality from the Darktrace community. In the Customer Portal, clients can configure SOC contacts and messaging delivery methods and raise software and hardware support questions and feature requests. Further, user guides, educational videos and FAQs are available and can be accessed within the Portal.
Darktrace have integrations with the following:
SIEM & SOAR:
Firewalls, Network Access Control Lists (NACLs) and Preventative Controls:
Endpoints:
Ticketing System & Case Management:
Asset & Inventory Management:
VPN and Zero Trust Technologies:
Darktrace have over 500 partners globally which include:
Darktrace is also compliant with the British Standards Institution (BSI) ISO/IEC 27001:2013 Information Security Management standard.
The Darktrace solution covers cloud, e-mail, endpoint, Software-as-a-Service (SaaS), network, operational technology (OT) and is commonly used in the following industry verticals: