Darktrace Immune System

By Darktrace

Self-learning Cyber AI to discover unpredictable cyber-threats

Extending Self-Learning AI to the Endpoint

The Darktrace Immune System harnesses scalable, self-learning AI to understand the digital DNA of an organization and illuminate unpredictable cyber-threats at an early stage. By learning the normal ‘patterns of life’ of every person and device in a business, the technology discovers novel attacks and insider threats that other tools miss, while delivering complete visibility. Darktrace integrates seamlessly with CrowdStrike to extend its self-learning AI to the endpoint. By ingesting alerts from CrowdStrike Falcon, Darktrace brings rich, host-level context to bear on AI detections and Cyber AI Analyst investigations across the business.

Self-Learning AI Discovers Unpredictable Cyber-Threats

Darktrace’s native integration with CrowdStrike extends the platform’s visibility to security events picked up by CrowdStrike at the endpoint, which are then merged with Darktrace’s analysis of ‘patterns of life’ in the rest of the environment. This includes behavior in email, cloud, and collaboration tools, as well as IoT, ICS, and the corporate network. Together, Darktrace and CrowdStrike ensure that even the most subtle and persistent threats have nowhere to hide.

Autonomous Response Interrupts Attacks in Seconds

Autonomous Response operates as a decision-making framework that can be deployed to take self-directed actions or integrate with firewalls in the network, neutralize workforce threats in collaboration tools, or stop spear phishing and impersonation attacks in email. CrowdStrike alerts ingested by Darktrace can inform Antigena’s decisions and actions in the context of malicious behavior detected elsewhere in the organization.

AI Investigations Automatically Triage, Interpret, and Report Security Incidents

By adapting on the fly, the system can quickly interpret and report on security incidents characterized by innovative attack techniques that would be impossible to capture with static playbooks. It also goes beyond human operators by operating with the speed, scale, and consistency of AI and following hundreds of parallel threads simultaneously. With the integration enabled, Cyber AI Analyst can incorporate CrowdStrike alerts into its AI investigations and even leverage CrowdStrike alerts as the trigger for a new investigation.