From the attacker's perspective, Darktrace PREVENT provides vital insights to defenders. Consequently, it enables them to identify existing devices that are externally facing or part of a critical attack path, enhancing their overall awareness of the environment.

Moreover, users benefit from contextual information about external facing assets and critical attack paths via tags in the DETECT and RESPOND user interface. This enables better decisions, quicker triage, and facilitates further modeling using this new information. For example, if PREVENT identifies a web server on a critical attack path, relevant entities receive tags in DETECT, providing crucial knowledge for detection modeling and AI Analyst investigations.

Incorporating Industry Standards for Faster Understanding

Darktrace incorporates the MITRE ATTACK Framework across the loop. Additionally, it tags devices identified by Darktrace PREVENT as sitting on a critical attack path with MITRE techniques corresponding to the inbound and outbound parts of the attack path. This provides automatic mapping to an industry-standard attack framework for auditing, compliance, and faster understanding of all components of the attack.

Richer AI Analyst Investigations

AI Analyst investigations become richer as they enrich existing investigations with malicious hostnames retrieved from PREVENT/ASM. Consequently, this indicates they are more likely to be suspicious and potentially part of an incident.

Heightening Email Security

Darktrace PREVENT/Attack Surface Management informs Darktrace/Email of potential threats, such as domain spoofing. This action heightens sensitivity around these assets and takes action when these spoof domains are used for malicious purposes. Hence, this leads to more accurate decision-making in the email realm, reducing analysis time for individual emails.

Consolidating Insights for Better Response