Darktrace Industrial is a fundamental type of technology that implements a real-time ‘immune system’ for operational technologies, including SCADA, monitoring those environments and defending them from the most sophisticated cyber-threats.
Applying Darktrace’s machine learning and AI algorithms to the challenge of defending operational environments, Darktrace Industrial learns a unique ‘pattern of life’ for every device, controller and user on industrial networks, and correlates these insights in order to spot emerging threats that would otherwise go unnoticed.
With Darktrace, organizations with industrial networks have the ability to:
- Detect and respond to emerging threats, both novel and tailored.
- Detect threats regardless of whether these originate in IT domains or operational domains.
- Investigate malware compromises and insider risks as they emerge and also through all stages of the attack lifecycle.
- Identify threats in real time, allowing for intelligence-based decisions in live situations, while also enabling in-depth investigations into historical activity.
- Cover both IT and OT networks within a single interface.
Darktrace Industrial passively ingests network data via a SPAN port or network tap. As such, it is able to monitor industrial networks with no disruption to the normal functioning of ICS operations, including industrial plants and machinery.
Darktrace Threat Visualizer
The Threat Visualizer is Darktrace’s real-time, 3D threat notification interface. As well as displaying threat alerts, the Threat Visualizer provides an easy-to-use graphical overview of the day-to-day activity of your IT and OT network(s), accessible to both security specialists and business executives.
Using cutting-edge visualization techniques, the Threat Visualizer user interface automatically alerts analysts to significant incidents and threats within their environments, enabling analysts to proactively investigate specific areas of the infrastructure.
- 3D visualization of entire network topology
- Real-time global overview of industrial threat level
- Intelligently clusters anomalies
- Holistic overview – provides insight into network topology; specific clusters, subnets, and host events
- Searchable logs and events
- Replay of historical data
- Concise summary of overall behavior for devices and external IPs
- Designed for business executives and security analysts
Visualization techniques can also be used to provide a high-level overview of an organization’s network for business executives, helping to bridge the gap between technical specialists and the boardroom. Executives are given an easy-to-consume oversight of security issues, improving their awareness and understanding of the network environment, and enhancing their ability to make management decisions.