Self-learning Cyber AI for Your Dynamic Workforce

Like an Immune System for Unpredictable Threats Across the Enterprise

Darktrace’s pioneering technology, the Enterprise Immune System, applies AI to the cyber defense challenge for the first time, detecting cyber-threats that existing, legacy systems cannot.

It quickly became clear that the technology was powerful enough to identify a diverse range of threats at their earliest stages – including insider attacks, latent vulnerabilities, cloud-based threats and even state-sponsored espionage.


The Enterprise Immune System is a self-learning cyber AI technology that detects novel attacks and insider threats at an early stage.

Modeled on the human immune system, the Enterprise Immune System learns and understands ‘self’ for everyone and everything in the business, and can spot the subtle signals of an advanced attack — without relying on rules, signatures, or prior assumptions.

Key Benefits: 

  • Self-learning detection
  • Automated Analysis
  • Fast Install
  • 100% Visibility


Learning ‘On the Job’

The Enterprise Immune System uses unsupervised machine learning and AI to understand all about your organization. Observing your users and devices, cloud containers and workflows, it learns ‘on the job’ what is normal for your organization.

Unlike traditional approaches that rely on blacklists, rules and signatures, the immune system approach learns from your data – forming a bespoke and evolving understanding of your digital environments. This unique approach enables Darktrace to detect the most sophisticated and stealthy cyber-threats that other tools miss.

Whether a new strain of ransomware or an emerging insider attack, the Enterprise Immune System detects the threat at its earliest stages.


Protection Across Your Enterprise

Cyber-threats can emerge anywhere – in your cloud or on SaaS, via email or on IoT devices on your network.

The Enterprise Immune System shines a light into all these environments, including Salesforce, Office 365 & SharePoint, AWS and Microsoft Azure.

This means that organizations benefit from a unified view of their entire digital estate – not just part of it – and can tackle emerging threats quickly.


The Industrial Immune System is a fundamental AI technology for OT cyber defense. It works by passively learning what ‘normal’ looks like across OT, IT and industrial IoT, allowing it to detect even the subtlest signals of emerging cyber-threats in real time.

This self-learning technology is protocol agnostic and can be deployed across a range of OT environments, providing full coverage of the organization without disrupting daily operations.

Key Benefits: 

  • Self-learning detects novel threats as they emerge
  • 100% coverage and visibility across OT, IT, IoT, Cloud, SaaS
  • Identifies all forms of threat including malware, operator error, malfunction and insider threat
  • No fixed baselines – protocol and technology agnostic


Unified View Across OT, IT, and IoT

Through its intuitive Threat Visualizer interface, Darktrace gives security teams an instant overview of their diverse digital infrastructure, enabling operators to proactively investigate cyber-threats and specific areas of the ICS.

With Darktrace’s self-learning AI, operators can visualize every user, device, and controller in the network and identify novel threats and insiders in real time.

Cyber AI for OT Environments

The Industrial Immune System is uniquely capable of learning ‘normal’ for radically different technologies and deployment types, from decades-old PLCs to distributed sensors and industrial IoT. This allows Darktrace’s self-learning AI to secure the full range of OT-centric environments and organizations including:

  • Energy & Utilities
  • Manufacturing
  • Oil & Gas
  • Smart Cities
  • Maritime

Antigena Network is the world’s first Autonomous Response solution for the enterprise. Powered by self-learning AI, it is the only solution that can interrupt attacks at machine speed and with surgical precision, even if the threat is targeted or entirely unknown.

By taking swift and targeted action, Antigena Network stops emerging threats that other tools miss. The technology provides 24/7 coverage of your entire workforce, when security teams are overwhelmed or simply aren’t around.

Key Benefits: 

  • Stops every attack from targeted campaigns to ‘unknown unknowns’
  • Surgical response sustains normal operations across the business
  • Action in seconds neutralizes attacks spreading in real time
  • Full oversight gives mobile alerts when Antigena steps in


Autonomous Response AI Decision-Making

Antigena Network takes intelligent action to neutralize cyber-threats and maintain your key security objectives. Crucial for defending against stealthy, novel, and fast-moving attacks, Antigena reacts in seconds, giving your security team time to catch up.

Unlike legacy defenses, Antigena Network can deliver intelligent Autonomous Response because its actions are grounded in Darktrace’s core AI engine, whose decisions are:

  • made in real time
  • aware of subtle deviations that reveal novel or targeted attacks
  • continuously evolving based on active observation of attacks as they unfold
  • informed by correlation of patterns across the network, not single data points
  • based on a deep understanding of the particular organization


Unified Coverage Across Your Entire Network

Antigena Network delivers Autonomous Response across your entire business, providing bespoke protection across IoT devices, industrial control systems, and on-premise infrastructure. While each response is grounded in Darktrace’s self-learning AI, the range of actions it can take falls into one of two broad categories of response:


Tactical Response

With Tactical Response, Antigena Network generates self-directed actions that neutralize attacks in seconds.

Each response is surgical and anchored in the system’s granular understanding of ‘normal’ for the entire organization. This allows Antigena Network to reliably judge which events merit autonomous response, and also maintain ‘business as usual’ by enforcing the normal ‘pattern of life’ of an infected device or compromised user.


Strategic Response

With Strategic Response, Antigena Network acts as the ‘AI brain’ of the entire security stack, leveraging high-confidence detections to hand off and integrate with inline defenses as a mechanism for response.

Through active integrations, Antigena Network can seamlessly plug into and enhance your existing ecosystem, informing firewalls and network devices about attacks that have gotten through.


94% of cyber-threats start with an email.

Antigena Email uses Darktrace’s core artificial intelligence to stop the most advanced email threats, intervening to protect employees from the full range of threats targeting the inbox.

Rather than relying on static rules and historical data, the technology works by understanding the unique ‘patterns of life’ of email users and the complex web of relationships between them. This self-learning approach allows Antigena Email to reveal seemingly benign emails as unmistakably malicious.



Key Benefits:

  • Self-learning – Continuously updates in light of new evidence
  • Understands the human – Based on their unique patterns of behavior
  • Proportionate response – According to nature and severity of threat
  • 5-minute install – Virtual or hardware deployment available


The Self-Defending Inbox

Antigena Email uses cyber AI to protect the email environment from the most sophisticated email threats.

Traditional gateway tools analyze emails in isolation, asking whether elements of an email have been observed in historical attacks. This retrospective approach fails to spot the subtle signs of novel or advanced attacks that cost organizations the most.

Antigena Email continuously updates its understanding of ‘normal’ for every sender and recipient, allowing it to identify any unusual activity in inbound, outbound and lateral mail flow. By treating recipients as dynamic individuals and peers, Antigena Email is able to stop the full range of threats targeting the inbox.

  • Advanced spear phishing – Analyzes links, attachments, domains and content alongside the ‘patterns of life’ of an organization.
  • Supply chain attack – Learns communication patterns between individual users and recognizes when a trusted email account has been hijacked.
  • Spoofing and solicitation – Detects ‘look-a-like’ domains that are designed to trick the user and identifies unusual associations among internal recipients.
  • Employee account takeover – Identifies anomalous login locations and unusual email processing rules as indicators of compromise.

Discover how SecureNation can help you better protect your IT assets.