CLOUD COLLABORATION APP PROTECTION
Darktrace DETECT + RESPOND/Apps
Darktrace/Apps builds an evolving understanding of you to detect and respond to anomalous behavior in cloud applications.
Darktrace
DETECT
™
/
Apps
L'IA auto-apprenante
Detects abnormalities
Analyzes for risk and context
Conducts autonomous investigations at scale
Cyber AI Analyst
Darktrace
RESPOND
™
/
Apps
L'IA auto-apprenante
Réponse autonome
Cyber AI Analyst
Responds to threats autonomously in seconds
Actively integrates with security stack
Supports human intervention in decision making
SEAMLESS INTEGRATION
Connecting to all apps, via API
Darktrace interacts directly with the SaaS vendor to understand activity within that cloud service.
DARKTRACE
DETECT
TM
/
Apps
UNDERSTANDING NORMAL
Deployed passively.
Analyzing every user event.
Asking millions of questions.
Analyzing every user event.
Asking millions of questions.
Darktrace/Apps detects threats using AI algorithms that make millions of calculations from real-time data. By correlating subtle anomalies, Darktrace DETECT can distinguish sophisticated threats from benign activity in your SaaS applications.
All context considered, is the user's activity normal?
And issues the perfect counter response for the threat.
And issues the perfect counter response for the threat.
Raw Datapoints
Extracted directly from cloud applications
Login
Failed login
Resource viewed or modified
File uploaded
File downloaded
Resource created
. . .
Darktrace-Enriched Datapoints
Mathematically & AI-enhanced data features
Is this actually this user?
Does this location match expectations?
Has this user changed their credentials?
Does the user usually log in from this device?
Is this time unusual for the user? The company?
Do any other users log in from this country?
. . .
Understandable events
Complex math,
simple output
simple output
Darktrace DETECT outputs intuitive and easy-to-understand alerts, reducing time-to-meaning for security teams.
DETECT → MITRE
Darktrace MITRE Mapping
Darktrace DETECT models are automatically mapped to the MITRE attacks & techniques within the user interface when activity is detected
See Darktrace DETECT/Apps in your own environment. Get a demo.
Ready for your collaboration
Scales to your business needs.
One-click integrations and rapid, remote deployment makes it easy for you to add and remove SaaS applications covered by Darktrace. The frequency of Darktrace’s queries can be adjusted in consideration of any other applications that may also use HTTPS requests.
One-click integrations and rapid, remote deployment makes it easy for you to add and remove SaaS applications covered by Darktrace. The frequency of Darktrace’s queries can be adjusted in consideration of any other applications that may also use HTTPS requests.
DARKTRACE
RESPOND
TM
/
Apps
Autonomous Response for SaaS
It’s all about precision.
When a threat is detected with high confidence, Darktrace RESPOND/Apps takes action in near real time to stop an attacker or malicious insider in their tracks.
Darktrace RESPOND takes proportionate action to ensure the threat is neutralized in the least disruptive way possible.
Darktrace RESPOND takes proportionate action to ensure the threat is neutralized in the least disruptive way possible.
Darktrace RESPOND/Apps can take a range of actions, according to the nature of the threat.
No action necessary
Block specific connections
Restrict a user from select applications
Restrict file sharing settings for certain folders
Logout user
End a user's active sessions
...
A deeper dive into RESPOND actions:
Block Specific Connections
Darktrace RESPOND/Apps identifies the specific, external connections attempting data exfiltration, and interrupts them. Benign connections are undisturbed.
Remove a user from select applications
Darktrace RESPOND/Apps can force a user logout only on selected applications where they appear to be compromised.
Restrict File Sharing Settings
In the event of a suspicious upload of data to an internet server, Darktrace RESPOND/Apps can temporarily restrict file sharing for specific files, folders, or users.
End User's Active Sessions
In cases of a high-confidence account takeover, Darktrace RESPOND/Apps will end a user's active sessions across all devices.
Fully configurable and customizable
Darktrace RESPOND operates within the parameters you tell it to.
Only on certain devices? At certain times of day? In response to certain events?
You set the guide-rails. Then let the AI do the heavy lifting.
ENHANCE existing workflows
One-click integrations
Darktrace/Apps integrates seamlessly with all
major cloud applications.
major cloud applications.
Explore /Apps integrations
Restez dans le coup avec l'application mobile Darktrace .
La supervision complète des actions de RESPOND est assurée par l'interface Threat Visualizer de Darktraceet par l'application mobile Darktrace .
Télécharger sur :
Cyber AI Analyst
Darktrace's Cyber AI Analyst investigates every output of Darktrace DETECT to reveal the wider incident, giving you all the details you need in just one click.
Combines human expertise with the speed and scale of AI
AI Analyst is trained on an ever-growing data set of expert cyber analysts. By observing and then replicating their behavior, the technology thinks like a human investigator: asking questions, testing hypotheses, reaching conclusions.
Cuts through the noise
As a result, it can perform the heavy lifting on behalf of human teams, connecting the dots between dozens of singular events and reducing them to a handful of high priority incidents for human review.
Augments your team
AI Analyst reduces triage time by an average of 92%. This allows your security team to spend their time on strategic tasks rather than reactive fire-fighting.
The end result?
AI-generated incident reports that
anyone can understand
anyone can understand
From your board, to your newest starter.
Témoignages de clients
