Darktrace finds anomalies that bypass other security tools, due to the uniqueness of the Enterprise Immune System, capable of detecting threats without reliance on rules, signatures or any prior knowledge.
Across our customer base, we have detected a wide range of different anomalies using our probabilistic approach, which takes weak indicators into account to form a compelling picture of overall threat. The following list includes examples of anomalies that we have spotted in real operational environments. For each anomaly found, the organization affected had the ability to respond to the evolving situation in the most appropriate way, in order to best protect their information and the integrity of their systems.
The examples given below name specific technical components of each anomaly. Such components are often featured in rule definitions and, for ease of interpretation, Darktrace’s notifications publish each specific component whose behavior has contributed to the models’ characterization of threat. Darktrace models these specific components collectively and over time. It is how these parameters behave relative to each other and to a previous epoch that determines a notification’s status, unlike a rule-based system, which relies on threshold values set in advance for a single parameter or a set of discrete parameters. However, it should be noted that Darktrace can use pre-existing rules as baseline or seed points for its adaptive mathematical models, and this is often an option for environments where prior history does not exist.