Introduction and Thoughts on DARKtrace: “The Enterprise Immune system”

March 7, 2018 | Views: 2392


So it has been a few days since I was at the conference, where I came across a few companies and products that I had not had the opportunity to see before.

One of the products that caught my eye was Darktrace. They sell their product as the “Enterprise Immune System”; essentially they are combining big data and network analysis to build a picture of what is normal on a network and what is not.

The company was started by mathematicians from the University of Cambridge and former MI5 staff, and it is based in the U.K.

I had the opportunity of speaking with two of the reps at the conference, and they were very knowledgeable about the product.

They were very willing to share info on the product and have kept in touch with me since the event, which is always good.

So what is Darktrace? Darktrace is a device that sits on a SPAN port or network tap, preferably at the core, and listens to all the traffic that passes through the core to get an analytical view of what happens on the network.

Under the hood, an advanced mathematical algorithm performs the analysis. The system records things such as URLs and requests going out to the Internet, which is a wonderful thing for security: malware infections can be flagged when they make calls out of the network to URLs or files that have never been seen on that network before. Detecting unusual activity this way is an application of machine learning, which the system relies on heavily for these tasks.
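To make the idea in the paragraph above concrete, here is an added example (my own illustration, not Darktrace's code or anything from its white papers) of the simplest form of baseline-then-flag detection. It learns from a window of outbound web-proxy log lines which destinations are contacted, which hours each host is active and which file types are fetched, then flags later events that fall outside that baseline. The log format, the field names and the sample lines are all constructed for the example and are assumptions, not a real product's output.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of outbound web-proxy log lines (not real traffic):
# <timestamp> <source host> <destination host> <request path>
SAMPLE_LOG = """\
2018-03-01T09:02:11 ws-12 www.example.com /index.html
2018-03-01T09:05:40 ws-12 updates.example.org /catalog.xml
2018-03-01T10:11:02 ws-07 www.example.com /news
2018-03-02T09:03:55 ws-12 www.example.com /index.html
2018-03-02T11:20:31 ws-07 updates.example.org /catalog.xml
2018-03-03T13:44:09 ws-07 www.example.com /about
2018-03-05T03:17:26 ws-12 cdn-assets.example.net /x/payload.bin
2018-03-05T03:17:28 ws-12 cdn-assets.example.net /x/payload.bin
2018-03-05T09:01:00 ws-12 www.example.com /index.html
"""


def parse_line(line):
    """Split one log line into its four fields; the timestamp becomes a datetime."""
    ts, src, dest, path = line.split(maxsplit=3)
    return {"ts": datetime.fromisoformat(ts), "src": src, "dest": dest, "path": path}


def file_extension(path):
    """Return the extension of the last path segment, or '' if it has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1] if "." in name else ""


def build_baseline(events, learn_until):
    """Learn what 'normal' looks like from every event before learn_until:
    which destinations are contacted (with counts), which hours each host
    is active, and which file types are fetched."""
    baseline = {"dests": Counter(), "hours": defaultdict(set), "exts": set()}
    for e in events:
        if e["ts"] >= learn_until:
            continue
        baseline["dests"][e["dest"]] += 1
        baseline["hours"][e["src"]].add(e["ts"].hour)
        baseline["exts"].add(file_extension(e["path"]))
    return baseline


def score_event(e, baseline):
    """Return the reasons an event deviates from the baseline (empty list = normal)."""
    reasons = []
    if e["dest"] not in baseline["dests"]:
        reasons.append("never-seen destination")
    ext = file_extension(e["path"])
    if ext not in baseline["exts"]:
        reasons.append("never-seen file type ." + ext)
    known_hours = baseline["hours"].get(e["src"])
    # A host that was never seen in the learning window has no hour profile yet.
    if known_hours is not None and e["ts"].hour not in known_hours:
        reasons.append("outside usual hours for host")
    return reasons


def detect(log_text, learn_until):
    """Learn from events before learn_until (an ISO date string), then flag
    every later event that deviates. Returns (timestamp, source, destination,
    reasons) tuples."""
    cutoff = datetime.fromisoformat(learn_until)
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    baseline = build_baseline(events, cutoff)
    alerts = []
    for e in events:
        if e["ts"] < cutoff:
            continue
        reasons = score_event(e, baseline)
        if reasons:
            alerts.append((e["ts"].isoformat(), e["src"], e["dest"], reasons))
    return alerts


if __name__ == "__main__":
    for ts, src, dest, reasons in detect(SAMPLE_LOG, "2018-03-04"):
        print(f"{ts} {src} -> {dest}: {', '.join(reasons)}")
```

With the learning window ending on 2018-03-04, the two 03:17 requests from ws-12 to a never-seen host for a never-seen file type are flagged on three counts, while the routine 09:01 request to a known site is not. Two caveats a practitioner would add: a pure "first seen" rule is noisy on a real network, so production systems weight rarity and combine several signals rather than alerting on any single novelty; and whatever is already happening during the learning window becomes part of "normal", so the baseline has to be built from a period you have reason to trust.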

The user interface looks like something out of a sci-fi movie.

This is the future of security: we need to embrace predictive analytics and machine learning to really listen to what is going on in the network. Every detail is important, and Darktrace is right up there at the forefront of this new age.

The legacy approach is not as effective as it once was. Things like ransomware and APTs are becoming so advanced so quickly that it is going to take more than the usual tools to stay ahead of the game.

I spoke with a rep from Darktrace, and she provided me with a play-by-play article on how Darktrace was able to help an online casino after a ransomware breach; see the article here: https://threatpost.com/diary-of-a-ransomware-victim/117877/

Also, they provided me with an awesome white paper on their automation and machine learning technology.

My thoughts

A company built by spies and mathematicians? Sweet.

On a serious note, this product and those like it are the future of security; more and more vendors are releasing products based on analytics instead of traditional solutions.

Darktrace has a very informative team and website with all sorts of case studies, and the facts speak for themselves: more and more of the threats flying around the internet are being caught first with analytics and machine learning.

Here is a link to a page of white papers from Darktrace: https://www.darktrace.com/resources/

As I have mentioned in previous posts, big data + security is the future, and I am happy to see solutions coming out that embrace this new era of security.

Check my blog out @ www.seanmancini.com

sean@seanmancini.com

5 Comments
  1. Thanks for the feedback, guys. I have contacted a source at Darktrace with the limitations posted above to see where their product is now, if anything has been fixed and if they can verify the limitations.

    Thanks again for the feedback on my post; it helps me with writing better articles.

    cheers
    Sean Mancini

  2. So you go to an event and listen to a bunch of sales people talk about how great their product is, and then you write an article without actually testing the product? BTW this is probably the most amateurish “review” I have seen.

    1. You fail to mention the product. I think you are referring to Antigena. Darktrace is the company.
    2. Antigena is really rough around the edges and currently is nothing like an immune system. Crashing, buggy, agents can be struggling.
    3. Doesn’t natively decrypt TLS (at least at the time when I tested). So there ya have it, 90% of traffic will be invisible to it, unless you slap something on top that will decrypt it. Obviously to do that you need to run MITM (which is another topic altogether and has its advantages and disadvantages), and Antigena isn’t really an MITM platform, so this is a decent excuse and I don’t blame them for not actually trying to do it. However, some competitors that don’t ride the “machine learning” hype have it.
    4. Behaviour vs signatures – Antigena is pretty much only behavior, there are some “models” available, but specific things like data exfiltration and SQL injections aren’t there. You’re better off with using other products to find out the basic stuff via signatures or IPS/IDS-like rules.
    5. There’s little in terms of actual machine learning, most is just statistical analysis and processing. Yes, it does “learn” things like baseline, and normal hours of operation, patterns, etc. but I hardly call it cutting edge, bunch of other competitors are doing the same.

    I can go on about it for a while, but my main point is – your “review” sucks and you need to do better than the amateurish babble that this currently is. My $0.02.

  3. Question: what is the difference between Darktrace and Wireshark?

  4. this website sucks

  5. Sean you seem to be in the same talk as me.
