The Industrial Immune System

Self-learning threat detection and response

Pioneered by Darktrace, and inspired by the human immune system, the Industrial Immune System uses advanced machine learning and artificial intelligence algorithms to deliver the world’s first cyber defense platform capable of identifying novel and emerging threats on industrial networks.

The traditional approach to cyber defense relies on the predefinition of threat – determining in advance the possible methods of attack against IT and OT networks. This strategy has proved itself incapable of defending today’s converged and dynamic networks from ever more sophisticated and targeted forms of attack. Tackling the novelty of modern attacks amid the growing complexity of our networks requires an approach to threat detection that does not rely on prior knowledge of historical threats or definitions of what ‘malicious’ looks like.

The human immune system has evolved to deal with a similar challenge, by learning ‘self’ and continually adapting to new environments and novel threats. Indeed, the immune system is able to detect and defend against pathogens without having to have encountered them before.

Darktrace applies the same principles to defend industrial environments from cyber-attack, using machine learning and AI algorithms. Darktrace continually learns and develops an evolving understanding of ‘self’ for your organization. Every user, device on the network, controller on the factory floor, and field device has a unique ‘pattern of life’. By building unique mathematical models for every networked device across the organization, Darktrace is able to understand the normal functioning of ICS environments, and detect the subtle deviations and changes that occur during an attack, which would otherwise go unnoticed.

Like the human immune system, the Darktrace Industrial Immune System does not rely on knowledge of previous attacks, or manual specification of what ‘normal’ looks like for a particular control environment. It works automatically to map, understand, and learn how different networks function and interact, and begins working from day one to identify threatening behaviors in real time.

AI & Machine Learning

Learns the ‘self’ of your organization – automatically

Artificial intelligence and machine learning present a significant opportunity to the cyber security industry. Today, new machine learning methods can vastly improve the accuracy of threat detection and enhance network visibility thanks to the greater amount of computational analysis they can handle. They are also heralding a new era of autonomous response, where a machine system is sufficiently intelligent to understand how and when to fight back against in-progress threats.

From the outset, Darktrace rejected the assumption that data relating to historical attacks could predict future ones. Instead, Darktrace’s cyber AI platform uses unsupervised machine learning to analyze network data at scale, and makes billions of probability-based calculations based on the evidence that it sees. Instead of relying on knowledge of past threats, it independently classifies data and detects compelling patterns.

Darktrace’s world-leading cyber AI allows thousands of organizations across the globe to identify and respond to all kinds of threats and highlights deviations from ‘normal’ behavior that require attention. It is the best proven, most scalable and most accurate artificial intelligence platform used today in the enterprise.

“Darktrace AI detects threats that others miss.”
William Reid, Director of IT, Wyndham New Yorker

Defending Industrial Networks

ICS, SCADA, Industrial IoT – learning the ‘pattern of life’ for every control environment

Industrial networks come in many forms. Whether controlling batch manufacturing on the factory floor, overseeing a vast power grid, or monitoring the smart cities of the future, our control systems are becoming increasingly complex and interconnected. As OT and IT networks converge, the threat to critical infrastructure is growing and the need to understand and secure industrial networks has become unavoidable.

Modern industrial networks are highly complex systems involving the interaction of diverse and bespoke devices – legacy products, proprietary protocols, and custom solutions often work side by side with corporate IT technologies and the new generation of Internet of Things devices. This complexity can outstrip and overwhelm the ability of security teams to monitor and defend against cyber-attack and operational risk. In environments where availability and safety are key, this lack of visibility and understanding is a direct threat to the business.

Darktrace’s immune system approach is designed to learn ‘self’ for all forms of networked devices. Regardless of protocol or vendor, whether the device is a PLC or cloud database, Darktrace Industrial learns the unique ‘pattern of life’ for every entity on the industrial network. By learning without assumptions, Darktrace’s understanding of self is unique to each ICS that it is deployed within, and makes no distinction between IT, OT or IoT environments.

Intelligence Experts

Applying leading intelligence techniques to defend industry

The founders of Darktrace include senior members of the US and UK governments’ cyber communities, from the NSA, CIA, MI5 and GCHQ.

Our expert team have had experience on the frontline of cyber defense, and have been responsible for the protection of critical national assets – people, public services, and core intellectual property – from some of the most insidious threats in operation, including both sophisticated insider attacks and large-scale, state-sponsored espionage groups.

