No two attacks are the same
Ransomware
Initial Intrusion
Darktrace DETECT / Network has revealed well-known exploits such as Log4J, Hafnium, Kaseya, as well as thousands of lesser-known exploits on a regular basis.
Establish Foothold and Beaconing
When an attacker attempts to make contact with and remotely control a device, Darktrace pieces together subtle anomalies.
Darktrace RESPOND/Network neutralizes this activity by blocking specific connections, enforcing the ‘pattern of life’ or quarantining the device.
Lateral Movement
As an attacker begins to increase their knowledge of the network, perform scans, and escalate their privileges - for instance by obtaining admin credentials, Darktrace DETECT / Network correlates thousands of data points.
RESPOND/Network neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’
Data Exfiltration
Whether smash and grab or a low and slow, Darktrace DETECT / Network identifies subtle deviations in activity.
Darktrace RESPOND/Network neutralizes this activity by blocking specific connections, enforcing the ‘pattern of life’ or quarantining the device.
Data Encryption
Even if familiar tools and methods are used to conduct encryption - whether symmetric or asymmetric - Darktrace detects the activity without using static rules or signatures.
Darktrace RESPOND/Network neutralizes this activity by blocking specific connections, enforcing the ‘pattern of life’ or quarantining the device.
Crypto-Mining
Crypto-mining is notoriously difficult to detect, and it can form just one phase of an attacker’s plan to infiltrate a network.
Darktrace shines a light on open ports and internet-facing devices you didn’t know about, and detects the first stages of an attack before crypto-mining can even begin. It also alerts to crypto-mining activity itself, and can be configured to stop the activity autonomously.
Credential Stuffing
Credential stuffing is a type of brute-force attack that relies on automated tools to test large volumes of stolen usernames and passwords across multiple sites until one works.
On the network side, Darktrace can detect instances of credential stuffing through a number of unusual behaviors.
Mergers & Acquisitions
By learning every asset for your organization and its subsidiaries, Darktrace reduces cyber risk during M&A, both in the due dilligence phase and post acquisition.
An Unlimited Number of Attacks
An Unlimited Number of Responses