Cyber-Security SIEM | IDS
At last we have a threat-visualizer that gets the “visualize” part right! Do you know when someone is fork-lifting chunks of data out of your network?
- See only legitimate threats with Darktrace self-learning machine algorithms
- See what machines and network pathways are actually impacted
- Intrusion detection, data exfiltration, insider threats, malware attacks, ransomware encryption, viral propagation, network performance, broadcast storms, misrouted connections, down systems
Darktrace gives us threat detection information in ways we can actually use… They show us the Network!
Self-learning, real-time detection and a simple, intuitive interface that lets even a non-technical user quickly surf through all subnets, WAN and LAN, to all devices from coffee-makers to servers, getting the who, what, where and when answered in a second!
When I first was introduced to Darktrace, it was the user interface that immediately captured my imagination. Finally we transitioned from page after page of IP addresses with blinking yellow, red, green dots, identifying everything from a Windows Update to a broken Anti-virus client and wasting all of our time and money with innumerable false positives.
With Darktrace presenting threats within the CONTEXT of the network, our expert IT administrators or a security analyst can see at a glance if something deserves more attention or not…
Then I got impressed because the machine learning algorithms work. On a 30,000 node network with 2,000 subnets spread across Europe and North America, the tuned system was generating between 5 and 10 alerts a day.
Tuning takes anywhere from 1-2 months, depending on complexity and on how frequently devices are in use (i.e. the machine that gets turned on 2x a month is going to take longer to learn). So just about the time we’re wrapped up with the $0 / no obligation Proof of Value, Darktrace is already calibrated and ready to go.
Now we know that everyone wants a system that doesn’t just detect the problems but also auto-magically solves them. Well, everyone except the IT Professionals who actually take care of your networks and see time and again how “auto-healing” = “auto-breaking”… And Darktrace is making fast strides to add “Antigena” (i.e. response automation like closing ports, shutting down services, and quarantining suspicious objects). But even without these add-ons, the ability to see someone lifting huge volumes of data out of your company or a machine spewing traffic when it shouldn’t even be active is a huge benefit to identifying a problem and being able to get to it and address it before it becomes a disaster.