Named ‘Best Security Company of the Year’ in the Info Security Products Guide 2015, Darktrace is one of the world’s leading cyber threat defense companies. Its Enterprise Immune System technology detects previously unidentified threats in real time, powered by machine learning and mathematics developed at the University of Cambridge, which analyze the behavior of every device, user and network within an organization. Some of the world’s largest corporations rely on Darktrace’s self-learning appliance in sectors including energy and utilities, financial services, telecommunications, healthcare, manufacturing, retail and transportation. The company was founded in 2013 by leading machine learning specialists and government intelligence experts, and is headquartered in Cambridge, UK and Washington D.C., with offices in Dallas, London, Milan, Melbourne, New York, Paris, San Francisco, Singapore and Toronto.
The Enterprise Immune System
The Enterprise Immune System is a network solution for detecting and investigating emerging cyber threats that have evaded network border and endpoint defenses. By applying advanced mathematics to model behaviors in your enterprise, it monitors behaviors and detects anomalies in your organization’s computer and user activities. The Enterprise Immune System’s mathematical approaches do not require signatures or rules and so can detect emerging ‘unknown unknown’ attacks that have not been seen before.
Darktrace is delivered as an appliance that takes passive feeds of raw network traffic from the centers of your networks. Once connected, the technology immediately begins using a range of mathematical approaches to create numerous models of behavior for each individual user and machine within the organization. The Enterprise Immune System’s self-learning mathematics start working from day one, detecting anomalous behaviors on the network. They continue to learn on an ongoing basis – constantly updating as the organization evolves.
Creating powerful ‘pattern of life’ models of every individual and device on your network allows Darktrace to detect even subtle shifts in behaviors, such as the way someone is using technology, a machine’s data access patterns or trends in communications. Such shifts may indicate any number of potentially threatening events, such as the theft of a user’s credentials, a compromised device, or the actions of a disaffected or negligent employee.
Activities such as network reconnaissance and traversal, unexpected downloads from unusual internet domains, intranet or file system cloning, sensitive data logins from a new device and location, unusual applications and protocols, or a change in the pattern of information uploading are all detectable through mathematical modeling. These activities may be worthy of investigation if they represent a significant departure from normal behavior.