Machine Learning & Artificial Intelligence

Darktrace is the world’s leading AI company for cyber security. Created by mathematicians, the Enterprise Immune System uses machine learning and AI algorithms to detect and respond to cyber-threats across diverse digital environments, including cloud and virtualized networks, IoT and industrial control systems. The technology is self-learning and requires no set-up, identifying threats in real time, including zero-days, insiders and stealthy, silent attackers. Darktrace is headquartered in San Francisco and Cambridge, UK, and has over 30 offices worldwide.



Anomaly detection driven by unsupervised machine learning

  • Self-learning; learns on the job
  • Adaptive; evolves with your organization
  • Probabilistic; understands the likelihood of a threat
  • Fight back; autonomously responds to high-priority incidents
  • Real-time; detects threats as they emerge
  • Works from day one; delivers instant value
  • No false positives; identifies subtle, weak indicators
  • Data agnostic; ingests all data sources
  • Highly accurate; models human, device, and enterprise activity
  • Scalable; largest deployment has over 1 million users
  • All networks & devices; works on physical and virtual networks, cloud, ICS

Legacy Approach

The legacy approach to cyber security rests on the assumption that threats can be defined in advance and prevented through rules and signatures. This strategy can detect threats with known signatures but is unable to adapt to novel attacks or latent threats that are as yet undiscovered.

Organizations relying exclusively on the legacy approach invest large amounts of time and money into perimeter controls in an attempt to protect their networks from malicious actors. Despite this, the majority of corporate networks have been compromised to some extent. Threats of all kinds have proven capable of overcoming perimeter controls, and employees and other insiders with access to the network can readily exploit blind-spots in traditional defenses.

The fundamental limitation to this rules-based approach lies in the exceptions. The nuances of context that make a rule appropriate in one scenario, but inappropriate in another, cannot be captured by the binary logic of rules stacks. Accommodating these exceptions is laborious and often counter-productive.

Indeed, the result of using rules-based systems is a large number of false alarms and missed attacks. As false positives accumulate, confidence in the alarm system is undermined. A system with regular false alarms is one of the best environments to attack. If there is no confidence in the alarm system, a hacker can be confident that his activity is unlikely to draw attention.

The Enterprise Immune System

Darktrace’s vision is to fundamentally transform cyber security by providing organizations with a scalable ‘immune system’ platform that can discern patterns in data flows, detect novel threats as they unfold and autonomously fight back at machine speed.

Our approach is based on the principles of the human immune system, which is able to actively adapt to illnesses by discerning the evolving patterns of activity within the body. These patterns constitute the self of the immune system, which is used as a measure of normal or abnormal behavior. Through this process of self-learning, the immune system automatically responds to new threats that our bodies have never experienced before.

Darktrace was the first company to use machine learning to create an ‘immune system’ mode of defense that works for organizations of all sizes and types, and tackles a constantly evolving threat landscape. Based on a combination of machine learning and probabilistic mathematics, Enterprise Immune System technology is the only cyber security solution capable of defending against novel threats that evade other controls.

Darktrace Threat Detection

The proprietary technology powering the Enterprise Immune System platform provides organizations with the ability to detect emerging threats and visualize their networks simultaneously. Combining machine learning and AI algorithms, Darktrace detects cyber-threats and anomalous activity that consistently evade traditional security tools.

The solution works by analyzing raw network data, and then creating unique models for every user and device, and for the relationships between them. Leveraging its unique machine learning, Darktrace forms an evolving understanding of an organization’s ‘pattern of life’, spotting very subtle changes in this sense of ‘self’, as they occur. These abnormalities are continuously correlated and filtered in order to detect emerging threats and anomalies. By taking new information into account and comparing it against past events, Darktrace is able to find these anomalies both in real time at their nascent stages, and retrospectively as well.

Designed to work in all sizes of organizations, including large and complex networks with tens of thousands of users, Darktrace’s technology filters out the noise in your network, autonomously finding the threats that are worthy of investigation. In addition, it is capable of working in inherently uncertain and dynamic environments, continually re-evaluating probabilities based on changing evidence. Against its evolving sense of ‘normal’ behavior, it can accurately pinpoint genuinely suspicious activity – even if the hallmarks of the attack have never been seen before, either by the company or the broader security community.

Virtualization, Cloud, and SaaS

Establishing network-level monitoring of virtualized computing environments can pose a significant challenge to organizations, as they embrace hybrid infrastructures and opt for virtual servers in their data centers. Virtualized environments can therefore leave blind spots – information flows in and out of the host server can be monitored, but the traffic inside is invisible.

The Threat Visualizer

The Threat Visualizer is Darktrace’s unique 3D graphical interface, providing total visibility of all network activity, including both traditional and non-traditional IT. The Threat Visualizer is designed for users with varying levels of experience: business executives can use the Dynamic Threat Dashboard and global map to understand activity and threats at a high level; junior analysts can gain context around alerts before investigating; and experienced analysts can drill down into specific incidents in great detail.

Darktrace technology can be delivered as a physical appliance or a virtual machine in the cloud, which is easily and rapidly installed within an hour at a SPAN port on your network. The appliance passively monitors data in real time, without disrupting business operations, and provides instant visibility into all network activity, notifying of in-progress attacks or emerging threats.
