Darktrace/Endpoint use cases

Securing the modern workforce

Dive into specific threat profiles and see how to reduce time-to-meaning at the endpoint, anywhere your users go.

Ransomware

Ransomware is a multi-stage attack that can begin with a single compromised endpoint device and end with company-wide data encryption. Learn what Darktrace/Endpoint can do to neutralize it at every stage.

Initial Intrusion

Stopping threats the moment they emerge on an endpoint, network or email system is the best way to prevent business disruption. Darktrace has identified well-known exploits such as Log4J, Hafnium and Kaseya without relying on threat intelligence, and spots thousands of lesser-known exploits on a regular basis.

Sample analysis of Darktrace/Endpoint
Every threat is different, but some unusual patterns Darktrace/Endpoint assesses include:
Unusual Incoming RDP
Unusual file download
Unusual .exe file
Torrenting

Establish Foothold and Beaconing

Darktrace/Endpoint pieces together anomalies to detect when an attacker is attempting to make contact with and remotely control a device.

Darktrace RESPOND/Endpoint neutralizes this activity by blocking specific connections or enforcing the ‘pattern of life’.

Sample analysis of Darktrace/Endpoint
Every threat is different, but here are some unusual patterns Darktrace/Endpoint might assess when revealing this type of attack:
Beaconing to a young endpoint
Anomalous file downloads
Beaconing activity to external rare endpoint
Connections to unusual endpoint
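The beaconing indicators listed above rest on two observations a defender can test for directly: a compromised device contacts its controller on a timer, so the gaps between connections are unusually regular, and the destination is one that few other devices in the estate ever contact. The script below is an added example written for this page, not Darktrace code: it scores a set of constructed connection records for both properties. The record layout, the thresholds (minimum connection count, maximum coefficient of variation, maximum fan-in) and the fan-in heuristic for a "rare" destination are all assumptions chosen for illustration.

```python
"""Added example (not Darktrace code): scoring connection logs for
beacon-like regularity to rare external destinations.

Assumptions: the record layout, the thresholds and the "rare destination"
heuristic (few distinct internal sources) are constructed for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection records: (epoch seconds, source device, destination host).
SAMPLE_CONNECTIONS = (
    # host-a: exact 60 s heartbeat to a host no other device contacts
    [(1_700_000_000 + 60 * i, "host-a", "203.0.113.17") for i in range(12)]
    # host-e: the same kind of heartbeat with a few seconds of jitter
    + [(1_700_000_000 + t, "host-e", "198.51.100.9")
       for t in (0, 58, 121, 179, 242, 299, 361, 420, 478)]
    # host-b/c/d: irregular browsing to a host many devices use (benign)
    + [(1_700_000_000 + t, "host-b", "www.example.com")
       for t in (3, 40, 41, 180, 300, 305, 900)]
    + [(1_700_000_000 + t, "host-c", "www.example.com") for t in (10, 20, 500)]
    + [(1_700_000_000 + t, "host-d", "www.example.com") for t in (15, 700)]
)


def destination_fan_in(records):
    """Number of distinct internal sources per destination; a low count is
    the assumed proxy for a "rare" endpoint."""
    sources = defaultdict(set)
    for _, src, dst in records:
        sources[dst].add(src)
    return {dst: len(s) for dst, s in sources.items()}


def interval_stats(timestamps):
    """Mean gap between consecutive connections and its coefficient of
    variation (CV).  A CV near 0 means the gaps are almost identical,
    i.e. timer-driven rather than user-driven."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return 0.0, float("inf")
    avg = float(mean(gaps))
    cv = pstdev(gaps) / avg if avg > 0 else float("inf")
    return avg, cv


def find_beacons(records, min_connections=8, max_cv=0.2, max_sources=2):
    """Return (src, dst) pairs whose connection cadence looks machine-driven
    and whose destination is contacted by few other devices."""
    fan_in = destination_fan_in(records)
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections or fan_in[dst] > max_sources:
            continue
        avg, cv = interval_stats(stamps)
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "connections": len(stamps),
                             "mean_interval_s": round(avg, 2), "cv": round(cv, 3)})
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_CONNECTIONS):
        print(finding)
```

On the constructed data, host-a (no jitter) and host-e (small jitter) are reported while the browsing traffic to the shared host is not, both because its gaps are irregular and because three devices contact it. In practice the CV threshold has to tolerate the jitter that real implants add on purpose, so a low fan-in destination seen at a steady cadence is a lead to investigate rather than a verdict.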

Data Exfiltration

Whether a smash-and-grab or a low-and-slow attack, DETECT/Endpoint identifies subtle deviations in activity to prevent data being exfiltrated from company devices.

Darktrace RESPOND/Endpoint neutralizes this activity by blocking specific connections, enforcing the ‘pattern of life’ or quarantining the device.

Sample analysis of Darktrace/Endpoint
Every threat is different, but here are some unusual patterns Darktrace/Endpoint might assess when revealing this type of attack:
Low and slow exfiltration
Uncommon 1 GiB Outbound
Data sent to rare domain
Unusual External Data Transfer
Unusual data download / upload to rare destination

Data Encryption

Even if familiar tools and methods are used to conduct encryption - whether symmetric or asymmetric - Darktrace detects the activity without using static rules or signatures.

Darktrace RESPOND/Endpoint neutralizes this activity by blocking specific connections, enforcing the ‘pattern of life’ or quarantining the device.

Sample analysis of Darktrace/Endpoint
Every threat is different, but here are some unusual patterns Darktrace/Endpoint might assess when revealing this type of attack:
Additional extension appended to SMB file
Suspicious SMB read/write ratio
Sustained MIME type conversion
Possible Ransom Note
Suspicious SMB Activity
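Three of the SMB indicators named above (an additional extension appended to a file, a suspicious read/write ratio, and a possible ransom note) can be computed from file-operation logs alone, and the same "Suspicious SMB Read/Write Ratio" indicator recurs under Insider Threat below, so one added example covers both. The script is written for this page and is not Darktrace code: it scores per-device SMB events that are constructed inline. The event layout, the thresholds and the filename heuristic for ransom-note candidates are assumptions; "Sustained MIME type conversion" is omitted because it needs file-content inspection rather than operation logs. A real deployment would derive the thresholds from each device's observed baseline rather than the fixed values used here.

```python
"""Added example (not Darktrace code): scoring per-device SMB file activity
for ransomware-style indicators.

Assumptions: the event layout, the thresholds, and the filename heuristic
for ransom-note candidates are constructed for this example.
"""
import re
from collections import Counter

FINANCE = r"\\fs01\finance"
HR = r"\\fs01\hr"

# Constructed SMB file events: (operation, source device, path, new path for renames).
SAMPLE_SMB_EVENTS = [
    # host-x: ordinary work, mostly reads and one legitimate rename
    ("read", "host-x", FINANCE + r"\q1.xlsx", None),
    ("read", "host-x", FINANCE + r"\q2.xlsx", None),
    ("read", "host-x", FINANCE + r"\budget.pptx", None),
    ("read", "host-x", FINANCE + r"\notes.txt", None),
    ("read", "host-x", FINANCE + r"\memo.docx", None),
    ("read", "host-x", FINANCE + r"\plan.docx", None),
    ("write", "host-x", FINANCE + r"\plan.docx", None),
    ("rename", "host-x", FINANCE + r"\draft.docx", FINANCE + r"\final.docx"),
]
# host-y: reads, overwrites and renames each file with an extra extension, then drops a note
for _name in ("a.docx", "b.xlsx", "c.pdf", "d.pptx"):
    SAMPLE_SMB_EVENTS += [
        ("read", "host-y", HR + "\\" + _name, None),
        ("write", "host-y", HR + "\\" + _name, None),
        ("rename", "host-y", HR + "\\" + _name, HR + "\\" + _name + ".locked"),
    ]
SAMPLE_SMB_EVENTS.append(("write", "host-y", HR + r"\HOW_TO_RECOVER_FILES.txt", None))

# Assumed heuristic: note-like names with a plain-text or HTML extension.
RANSOM_NOTE_RE = re.compile(r"(readme|decrypt|recover|restore|how[_ -]?to)", re.IGNORECASE)
NOTE_EXTENSIONS = (".txt", ".html", ".hta")


def appended_extension(old_path, new_path):
    """True when a rename keeps the whole original name and appends one more extension."""
    if not new_path.startswith(old_path):
        return False
    return re.fullmatch(r"\.[\w-]{1,16}", new_path[len(old_path):]) is not None


def ransom_note_candidate(path):
    """True when the written file looks like a ransom note by name alone."""
    name = path.rsplit("\\", 1)[-1]
    return name.lower().endswith(NOTE_EXTENSIONS) and RANSOM_NOTE_RE.search(name) is not None


def assess_device(events, device, max_write_read_ratio=1.0, min_writes=5, min_appended_renames=3):
    """Count the indicators for one device and return them with a simple score."""
    ops = Counter()
    appended = 0
    notes = 0
    for op, src, path, new_path in events:
        if src != device:
            continue
        ops[op] += 1
        if op == "rename" and new_path and appended_extension(path, new_path):
            appended += 1
        if op == "write" and ransom_note_candidate(path):
            notes += 1
    ratio = ops["write"] / ops["read"] if ops["read"] else float(ops["write"])
    indicators = {
        "suspicious_write_read_ratio": ops["write"] >= min_writes and ratio > max_write_read_ratio,
        "appended_extension_renames": appended >= min_appended_renames,
        "possible_ransom_note": notes > 0,
    }
    return {
        "device": device,
        "reads": ops["read"],
        "writes": ops["write"],
        "write_read_ratio": ratio,
        "appended_extension_renames": appended,
        "ransom_note_candidates": notes,
        "indicators": indicators,
        "score": sum(indicators.values()),
    }


def flag_devices(events, min_indicators=2):
    """Devices for which at least min_indicators of the heuristics fired."""
    devices = sorted({src for _, src, _, _ in events})
    return [d for d in devices if assess_device(events, d)["score"] >= min_indicators]


if __name__ == "__main__":
    for dev in ("host-x", "host-y"):
        print(assess_device(SAMPLE_SMB_EVENTS, dev))
    print("flagged:", flag_devices(SAMPLE_SMB_EVENTS))
```

Requiring two independent indicators before flagging a device is the design choice worth noting: a single appended-extension rename or a burst of writes has plenty of benign explanations (archiving, backups, a batch export), but writes outpacing reads together with systematic renames and a note-like file is the combination that warrants stopping the device's SMB sessions.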

Insider Threat

Whether a malicious leaver attempting to exfiltrate data or a careless employee misusing a company device, Darktrace’s understanding of normal patterns of life allows it to stop threats on the inside.

Sample analysis of Darktrace/Endpoint
Every threat is different, but here are some unusual patterns Darktrace/Endpoint might assess when revealing this type of attack:
Sustained SSL and HTTP Increase
ICMP Address Scan
Uncommon WMI Activity
Numeric Exe Download
Anomalous File Download
Suspicious SMB Activity
Multiple Unusual File Uploads
Suspicious SMB Read/Write Ratio
Fast Beaconing to DGA

Supply Chain Attack (Third Party Software Vulnerability)

Endpoints can be used as a first point of entry for expansive supply chain attacks. Darktrace stops threats arising from the supply chain by taking immediate action at the first sign of unusual and threatening activity.

Sample analysis of Darktrace/Endpoint
Every threat is different, but here are some unusual patterns Darktrace/Endpoint might assess when revealing this type of attack:
EXE from Rare External Location
New User Agent to IP Without Hostname
Beacon to Young Endpoint
Suspicious Self-Signed SSL
IPSec VPN to Rare IP

Crypto-Mining

Malicious crypto-mining can exploit endpoint hardware and is notoriously difficult to detect. It may also form just one phase of an attacker’s plan to infiltrate an organization.

Darktrace shines a light on open ports and internet-facing devices you didn’t know about, and detects the first stages of an attack before crypto-mining can even begin. It also alerts to crypto-mining activity itself, and can be configured to stop the activity autonomously.

Sample analysis of Darktrace/Network
Every threat is different, but here are some unusual patterns Darktrace/Endpoint might assess when revealing this type of attack:
Crypto Currency Mining Activity
Slow Beaconing Activity to External Rare
Suspicious Beacons to Rare PHP Endpoint
SMB Drive Write

An Unlimited Number of Attacks

An Unlimited Number of Responses

Good news for your business.
Bad news for the bad guys.
