Darktrace/OT use cases

Uncovers the full range of ICS threats

Because it learns your business and looks for unusual behavior, rather than looking for known threats, Darktrace/OT reveals the full range of threatening activity in your ICS environment.

Advanced Persistent Threats (APTs)

APTs are sophisticated and stealthy threat actors who may blend various IT techniques - including zero day exploits and malware applications - in order to evade detection and reach industrial systems with OT payloads. By exfiltrating OT project files and programs, and reinstalling them with modifications made by their own OT engineers, these high-resource techniques can sabotage physical processes and create highly unsafe process conditions.

Darktrace reveals and responds to subtle APT techniques, taking action to maintain safety and production processes.

Sample analysis of Darktrace/OT
Every cyber-attack is different, but here’s some unusual activity Darktrace/OT might find when uncovering an APT attack:
Beaconing Activity to External Rare
Anomalous IT to ICS Connection
Unusual Activity from OT Device
Rare External from OT Device
Unusual RDP Connections

Industrial Ransomware

Ransomware is typically fast-moving and indiscriminate, impacting OT systems both directly and indirectly. Production can be jeopardized by the reliance of OT systems on vulnerable IT services, which control crucial processes such as customer ordering, and if ransomware deliberately targets an OT network and encrypts project files and backups, the clean-up process can be costly and time-consuming.

Darktrace RESPOND takes targeted action to contain ransomware as soon as it emerges in the IT layer, when it is still far from production systems. 

Sample analysis of Darktrace/OT
Every cyber-attack is different, but here’s how an industrial ransomware attack might look in Darktrace/OT:
Unusual Activity from OT Device
Unusual Data Transfer by OT
Unusual Data Download / Upload
Suspicious SMB Activity
High Risk File and Unusual SMB

OT Cloud

The adoption of OT Cloud/ICSaaS expands an attack surface by increasing connectivity and complexity.  

Darktrace provides unified visibility across IT, OT, and the cloud, helping organisations accelerate digital transformation while mitigating the risks that it entails.

Even better with: Darktrace/Cloud and Darktrace/Apps

Sample analysis of Darktrace/OT
Here's some unusual behavior a cyber-attack spanning cloud and OT might trigger in Darktrace:
Unusual External Source for SaaS Credential Use
IaaS Security Rule Delete
Lateral Movement and C2 Activity
Anomaly then New ICS Commands
Multiple New Reprograms
No items found.

Asset Inventory

Darktrace/OT provides complete visibility and a comprehensive list of assets with many networking and device details passively collected from network traffic (or optionally using smart active identification).

An Unlimited Number of Attacks

An unlimited number of responses

Our ai. Your data.

Elevate your cyber defenses with Darktrace AI

Start your free trial
Darktrace AI protecting a business from cyber threats.