Darktrace DETECT + RESPOND/Apps

Darktrace/Apps builds an evolving understanding of you to detect and respond to anomalous behavior in cloud applications.
Self-Learning AI
Detects abnormalities
Analyzes for risk and context
Conducts autonomous investigations at scale
Cyber AI Analyst
Self-Learning AI
Autonomous Response
Cyber AI Analyst
Responds to threats autonomously in seconds
Actively integrates with security stack
Supports human intervention in decision making
Connecting to all apps, via API
Darktrace interacts directly with the SaaS vendor to understand activity within that cloud service.
Deployed passively.
Analyzing every user event.
Asking millions of questions.
Darktrace/Apps detects threats using AI algorithms that make millions of calculations from real-time data. By correlating subtle anomalies, Darktrace DETECT can distinguish sophisticated threats from benign activity in your SaaS applications.
All context considered, is the user's activity normal?
And issues the perfect counter response for the threat.
Raw Datapoints
Extracted directly from cloud applications
Failed login
Resource viewed or modified
File uploaded
File downloaded
Resource created
. . .
Darktrace-Enriched Datapoints
Mathematically & AI-enhanced data features
Is this actually this user?
Does this location match expectations?
Has this user changed their credentials?
Does the user usually log in from this device?
Is this time unusual for the user? The company?
Do any other users log in from this country?
. . .
Understandable events
Complex math,
simple output
Darktrace DETECT outputs intuitive and easy-to-understand alerts, reducing time-to-meaning for security teams.
Darktrace MITRE Mapping
Darktrace DETECT models are automatically mapped to the MITRE attacks & techniques within the user interface when activity is detected
See Darktrace DETECT/Apps in your own environment. Get a demo.
Ready for your collaboration
Scales to your business needs.

One-click integrations and rapid, remote deployment makes it easy for you to add and remove SaaS applications covered by Darktrace. The frequency of Darktrace’s queries can be adjusted in consideration of any other applications that may also use HTTPS requests.
Autonomous Response for SaaS
It’s all about precision.
When a threat is detected with high confidence, Darktrace RESPOND/Apps takes action in near real time to stop an attacker or malicious insider in their tracks.

Darktrace RESPOND takes proportionate action to ensure the threat is neutralized in the least disruptive way possible.
Darktrace RESPOND/Apps can take a range of actions, according to the nature of the threat.
No action necessary
Block IPs
Restrict a user from select applications
Disable Inbox Rule
Logout User on Select Application
End a user's active sessions
Freeze user
A deeper dive into RESPOND actions:
Block suspicious IPs

Darktrace RESPOND/Apps identifies the specific origins of suspicious activities and can prevent further access. Legitimate activity can continue uninterrupted.

Disable a user's account

Darktrace RESPOND/Apps can force a user logout and disable potentially compromised accounts.

End User's Active Sessions

In cases of a high-confidence account takeover, Darktrace RESPOND/Apps will end a user's active sessions across all devices.

Fully configurable and customizable

Darktrace RESPOND operates within the parameters you tell it to.

Only on certain devices? At certain times of day? In response to certain events?

You set the guide-rails. Then let the AI do the heavy lifting.

A use case for everything
The right approach can handle anything
ENHANCE existing workflows

One-click integrations

Darktrace/Apps integrates seamlessly with all
major cloud applications.
Explore /Apps integrations
Stay in control,
wherever you are

Darktrace's alerts and actions can be viewed whenever, wherever, through the intuitive Darktrace Mobile App.
Download on:

Cyber AI Analyst

Darktrace's Cyber AI Analyst investigates every output of Darktrace DETECT to reveal the wider incident, giving you all the details you need in just one click.
Combines human expertise with the speed and scale of AI
AI Analyst is trained on an ever-growing data set of expert cyber analysts. By observing and then replicating their behavior, the technology thinks like a human investigator: asking questions, testing hypotheses, reaching conclusions.
Cuts through the noise
As a result, it can perform the heavy lifting on behalf of human teams, connecting the dots between dozens of singular events and reducing them to a handful of high priority incidents for human review.
Augments your team
AI Analyst reduces triage time by an average of 92%. This allows your security team to spend their time on strategic tasks rather than reactive fire-fighting.
The end result?
AI-generated incident reports that
anyone can understand
From your board, to your newest starter.