Keeping pace with evolving threats
World-class detection is half the battle, but threat sophistication and volume are growing exponentially as attackers begin to harness AI.
Defenders are increasingly relying on defensive AI to autonomously respond to the most severe incidents, buying back time for human teams and enabling a shift to a more proactive state.
85% of Darktrace customers now deploy detection and autonomous response in parallel.
Navigating Industry Challenges
Rise in gen AI attacks
Generative AI is significantly accelerating the pace of cyberattacks by enabling malicious actors to create more sophisticated and frequent threats.
Siloed solutions
With tool sprawl, security teams struggle to manage fragmented data and lack the full context needed for effective threat detection. This increases workloads, making it harder to stay ahead of evolving threats.
Multi-domain attacks
These attacks deliver new threat variants at machine speed across an organization's digital estate, evading traditional detection tools.
Organized cybercrime
Human-operated ransomware was up 200% in 2023, enabling malicious actors to launch attacks quickly and at minimal cost.
(Source: Microsoft Digital Defense Report, 2023)
Buying back time
The ActiveAI Security Platform provides unmatched visibility and novel threat detection across the entire business, from cloud and email through to network and OT. Adding Autonomous Response to stop threats in minutes buys time for the security team to focus on critical incidents and develop a proactive security posture.
Eliminate alert triage
Triage alerts with AI-led investigations at speed and scale, reducing maintenance work for SOC analysts.
Achieve a proactive state
With more time, teams can focus on identifying exposed assets, vulnerabilities, and attack paths so that potential risks can be addressed before an attack occurs.
Targeted, Intelligent, Customizable
Autonomous Response is an integral piece of the Darktrace ActiveAI Security Platform. Real-time Autonomous Response stops unknown threats with surgical precision, keeping your business fully operational while buying your SOC valuable time.
Precise action based on an understanding of your organization
As attacks evolve, modern response needs to take precise, targeted action to contain only the threatening activity, without interrupting normal business operations. This requires a deep, evolving understanding of your unique business – the same understanding developed and relied on by Darktrace’s real-time threat detection.
The right action at the right time
Darktrace natively and autonomously responds to anomalous network activity as standard, using the following response actions. These capabilities are out-of-the-box, with no scripting required:
Automatically chooses the best option using information gathered from the alert. For example, if the alert concerns suspicious behavior towards an SMB share on port 445, it may block connections to that port only.
Blocks the specific connection and all future connections that match the same criteria. For example, the FTP block prevents all future outbound connections to port 21 from the target device.
Only allows actions Darktrace considers normal, either for the specific device in question or at least for its (auto-identified) peer group, depending on the severity of the perceived threat.
Or quarantines the device entirely, depending on the nature and severity of the threat.
For example, integrating with a third-party firewall to block specific IPs, or with Microsoft Defender for Endpoint or CrowdStrike to invoke capabilities on host-based agents to quarantine, isolate or contain devices.
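The escalation ladder described above (block the matching connections, then enforce the peer-group or device pattern of life, then quarantine) can be modelled as a small policy engine. This is an added illustration, not Darktrace's code; the severity-to-action mapping, the device names and the port baselines are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample "pattern of life": ports a device normally uses, its
# auto-identified peer group, and the broader baseline learned for that group.
DEVICE_BASELINE = {"ws-01": {443}}
PEER_GROUP = {"ws-01": "workstations"}
GROUP_BASELINE = {"workstations": {80, 443}}


@dataclass
class Responder:
    """Assumed ladder (not Darktrace's actual scoring): low -> block the
    matching connections; medium -> enforce the peer-group pattern;
    high -> enforce the device's own pattern; anything else -> quarantine."""
    block_rules: set = field(default_factory=set)   # (device, port) pairs
    enforce: dict = field(default_factory=dict)     # device -> "group"|"device"
    quarantined: set = field(default_factory=set)

    def respond(self, device: str, port: int, severity: str) -> str:
        """Record the narrowest action that contains the alerted activity."""
        if severity == "low":
            self.block_rules.add((device, port))
            return f"block {device} -> port {port}"
        if severity == "medium":
            self.enforce[device] = "group"
            return f"enforce peer-group pattern on {device}"
        if severity == "high":
            self.enforce[device] = "device"
            return f"enforce device pattern on {device}"
        self.quarantined.add(device)
        return f"quarantine {device}"

    def allowed(self, device: str, port: int) -> bool:
        """Evaluate a new outbound connection against the actions in force."""
        if device in self.quarantined or (device, port) in self.block_rules:
            return False
        mode = self.enforce.get(device)
        if mode == "device":
            return port in DEVICE_BASELINE.get(device, set())
        if mode == "group":
            return port in GROUP_BASELINE.get(PEER_GROUP.get(device), set())
        return True  # no action in force: normal traffic continues unchanged


if __name__ == "__main__":
    r = Responder()
    print(r.respond("ws-01", 21, "low"), "->", r.allowed("ws-01", 21))
    print(r.respond("ws-01", 445, "medium"), "->", r.allowed("ws-01", 445))
```

Note that each step leaves the device's normal traffic (here port 443) flowing until the final quarantine, which is the point of a targeted response.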
Stay in control, build trust in AI decision-making
Darktrace’s response can run fully autonomously, or operate within guardrails set by your team. It can, for example, be set to operate only at certain times, on certain devices, or in response to certain events. Many organizations start in Human Confirmation mode and switch to fully autonomous mode within weeks.
Autonomous Response in action
Detecting & Containing Gootloader Malware
Learn how Darktrace helps detect and contain multi-functional threats like the Gootloader malware. Stay ahead of cyber threats with Darktrace AI solutions.
Darktrace’s Investigation of Fog Ransomware
Read on to find out about Darktrace’s investigation into this novel ransomware threat
Darktrace's Detection of Medusa Ransomware
Known to use living-off-the-land techniques to infect target networks and encrypt and exfiltrate data, Medusa was stopped in its tracks by Darktrace.
How Darktrace Defeated SmokeLoader Malware
Read how Darktrace's AI identified and neutralized SmokeLoader malware. Gain insights into their proactive approach to cybersecurity.
How Darktrace Uncovered a Matrix Ransomware Attack
A Darktrace customer was affected by KOK08, a ransomware strain commonly used by the Matrix ransomware family. Learn more about the tactics used and how Darktrace stops this threat.
How Darktrace Stopped Akira Ransomware
Learn how Darktrace is uniquely placed to identify and contain the novel Akira ransomware strain, first observed in March 2023.
Streamlining security operations: Autonomous Response for the modern business
A guide to managing Autonomous Response in the enterprise.