What is the Darktrace Managed, Co-managed and DIY Services Solution?
Darktrace solely offers managed services, in two different service types, both run by Darktrace’s Cyber Analysts and Darktrace Certified Partners. Suitability for each service is chosen based on company size and fit. Further, clients can become part of the ‘Darktrace Community’. This allows them to access intelligence and support from the Cyber Analyst Team.
24/7 Proactive Threat Notification:
Leverages Security Operations Centers (SOCs) in Cambridge, San Francisco and Singapore, run by Darktrace Cyber Analysts, to offer information that helps clients take action as threats occur. This provides constant coverage of significant incidents identified within the client’s ecosystem, as flagged by whatever Darktrace solution is deployed. If an attack is detected, it is labeled as a Proactive Threat Notification (PTN), which ensures that all high-fidelity incidents (warning signs that an attack is currently in progress) are forwarded to a Darktrace SOC. This service is updated constantly to ensure that all high-priority breaches are detected with accuracy and speed. PTN alerts will be triaged if they are deemed to be highly indicative of attack. The decision to triage a PTN is made by a Darktrace Global Cyber Analyst, or, for more complex cases, a senior Level 3 analyst will be required to assess and understand whether the client’s organization is under an immediate attack. If an attack is detected during triage, the client’s team will need to be contacted immediately and offered information on how best to remedy the situation. All fully triaged alerts will be encrypted using a shared key which is emailed to a named distribution list within the client’s organization. Automated telephone calls and/or SMS messages may also be received should a PTN email alert be issued.
24/7 Ask the Expert:
24/7 Ask the Expert (ATE) can be accessed from the Darktrace Threat Visualizer and the Customer Portal. The feature allows clients to send queries directly to a Darktrace Cyber Analyst for expert advice during a real-time threat investigation. When using the Threat Visualizer, clients can drag and drop graphics and traffic flow data into queries. Answers to queries are then accessible via Help -> View Questions in the drop-down menu, allowing client security teams to collaborate with Darktrace Analysts.
Clients can create an unlimited number of queries via ATE. Sometimes queries will be redirected to internal training or technical operations teams if the query is less analytical and more about software functionality. Although ATE is not a direct chat feature, clients will receive priority access to the SOC if they are facing a real-time attack. The services can be constantly accessed by a standard Call Home connection from a master appliance to the Darktrace Management Center in Cambridge, UK.