Darktrace Immune System – a self-learning cyber AI for cloud security
What can Darktrace do?
Darktrace Enterprise Immune System is a self-learning cyber AI technology that detects novel attacks and insider threats at an early stage.
Modeled on the human immune system, the Enterprise Immune System learns and understands ‘self’ for everyone and everything in the business, and can spot the subtle signals of an advanced attack — without relying on rules, signatures, or prior assumptions.
Darktrace’s Enterprise Immune System protects data and systems wherever they are, correlating its insights across diverse environments. This includes cloud, SaaS, email, on-premises networks, IoT and Operational Technology (OT) systems.
Darktrace’s Antigena Network is the world’s first Autonomous Response solution for the enterprise. Powered by self-learning AI, it is the only solution that can interrupt attacks at machine speed and with surgical precision, even if the threat is targeted or entirely unknown.
- Learns ‘self’ to detect cloud-based threats other tools miss
- Correlates activity across hybrid and multi-cloud environments
- 100% real-time visibility that leaves attackers with nowhere to hide
- Automatically investigates security incidents with Cyber AI Analyst
Advanced Cloud security simplified.
Network traffic analysis (NTA) uses a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks. NTA tools continuously analyze raw traffic and/or flow records to build models that reflect normal network behavior. (Source: Gartner)
Why are NTA tools important for advanced threat management?
- To implement behavioral-based network traffic analysis tools to complement signature-based
- To include NTA-as-a-feature solutions in their evaluations, if they are available from security information and event management (SIEM), firewall, or other security products.
- To focus on scalability
How does the Darktrace Immune System work?
Darktrace Antigena, an optional product that complements the Immune System and can provide autonomous response capabilities, uses multiple techniques (e.g., TCP Reset, applying Active Lists via firewall integrations) to automatically mitigate threats to the customer’s environment.