Darktrace’s technology vision is a continuous Cyber AI Loop™, in which each capability autonomously feeds back into the system as a whole, continuously improving the state of cyber security.

Provides the attacker's perspective

Identifies Exposed Assets

Overview:

Darktrace PREVENT feeds back information that allows defenders to identify which of their existing devices are externally facing or sit on a critical attack path, providing better overall awareness of their environment.

Value Provided:

Users get contextual information about externally facing assets and critical attack paths via tags in the DETECT and RESPOND user interface. This allows better decision-making and quicker triage. It also allows for further modeling that utilizes this new information.

Example:

PREVENT identifies a web server sitting on a critical attack path, and the server (and other relevant entities on the attack path) is tagged in DETECT. This crucial knowledge is subsequently used in detection modeling, AI Analyst investigations and by humans using Darktrace.

Incorporates MITRE ATT&CK Framework Across the Loop

Overview:

Devices identified by Darktrace PREVENT as sitting on a critical attack path will be tagged with MITRE techniques corresponding to the inbound and outbound parts of the attack path.

Value Provided:

Automatic mapping to an industry-standard attack framework for auditing and compliance purposes, as well as a faster time-to-understanding of all components of the attack.

Hardens your defenses against discovered threats

AI Analyst Investigations Become Richer

Overview:

Malicious hostnames are retrieved from PREVENT/ASM and enrich existing AI Analyst investigations by indicating that the associated activity is even more likely to be suspicious. This information is then used to produce an incident.

Value Provided:

Malicious assets observed on the attack surface are utilized in AI Analyst investigations and may be used for further incident enrichment. This helps users understand the external scope of incidents involving malicious assets.

Pre-emptively Informs Darktrace/Network of Malicious Domains

Overview:

Assets confirmed as malicious by PREVENT/Attack Surface Management automatically become ‘Watched Domains’ in Darktrace/Network.

Value Provided:

Security teams investigating Darktrace’s findings can now consolidate insights from inside the business and externally on the attack surface in a single pane of glass.

Example:

ASM identifies the brand impersonation ‘dar.ktrace.com’ as a phishing website being set up. ‘dar.ktrace.com’ is automatically added to Darktrace DETECT/Network’s ‘Watched Domains’ list, meaning any network connection attempt to the phishing website will be detected in the network immediately.

Forewarns Darktrace/Email of Malicious Domains

Overview:

When PREVENT/Attack Surface Management finds a potential threat, such as a domain spoofing your brand for the purposes of malware delivery, this is fed through to Darktrace/Email (formerly Antigena Email), which heightens sensitivity around these assets and takes action when these spoof domains are used for malicious purposes. PREVENT/End-to-End will feed critical metrics on impact, damage, exposure, and weakness through to Darktrace/Email, which will factor these into its decision-making.

Value Provided:

Organizations benefit from more accurate decision-making in the email realm, reducing the time needed to analyze and release individual emails. Feeding E2E metrics into Darktrace/Email allows for more informed actions, as the system now knows the potential consequences of an attack targeting a specific user. For example, stronger actions can be enforced for users who are known to have a high potential impact in case of compromise.

Example:

In the scenario above, Darktrace/Email is on heightened alert for inbound mail coming from ‘dar.ktrace.com’, and will increase the sensitivity of its detections and actions accordingly.
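As an added illustration of the ‘Watched Domains’ mechanism described above (example code written for this page, not Darktrace’s own), the following Python checks a constructed connection log against a watched-domains list seeded with the ‘dar.ktrace.com’ spoof domain, matching case-insensitively, tolerating trailing dots, and catching subdomains without matching look-alike hosts; the record format and field names are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
# Constructed watched list, seeded with the brand-impersonation domain named on the page.
WATCHED_DOMAINS = {"dar.ktrace.com"}

@dataclass(frozen=True)
class Hit:
    timestamp: str
    src: str
    host: str
    watched: str  # the watched entry the host matched

def normalize(host: str) -> str:
    """Lowercase and strip the trailing dot so 'Dar.KTrace.COM.' equals 'dar.ktrace.com'."""
    return host.strip().lower().rstrip(".")

def matching_watched(host: str, watched: set[str]) -> str | None:
    """Return the watched domain that host equals or is a subdomain of, else None."""
    h = normalize(host)
    for entry in watched:
        w = normalize(entry)
        # Suffix match on a dot boundary so 'notdar.ktrace.com' does not match.
        if h == w or h.endswith("." + w):
            return w
    return None

def scan_connections(lines: list[str], watched: set[str] = WATCHED_DOMAINS) -> list[Hit]:
    """Parse assumed 'timestamp src host' records and return contacts with watched domains."""
    hits: list[Hit] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of aborting the scan
        ts, src, host = parts
        w = matching_watched(host, watched)
        if w is not None:
            hits.append(Hit(ts, src, host, w))
    return hits

# Constructed sample connection log (not real traffic).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 www.example.com",
    "2024-01-01T10:00:05Z 10.0.0.7 dar.ktrace.com",
    "2024-01-01T10:00:09Z 10.0.0.9 login.DAR.KTRACE.COM.",
    "2024-01-01T10:00:12Z 10.0.0.3 notdar.ktrace.com",
    "malformed record",
]

if __name__ == "__main__":
    for hit in scan_connections(SAMPLE_LOG):
        print(f"watched-domain contact: {hit.src} -> {hit.host} (matches {hit.watched})")
```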