Darktrace Proof of Value
What is a POV?
As a Darktrace partner, Allari's Security and Compliance team are offering an easy four-week trial that allows you to evaluate Darktrace’s Enterprise Immune System and Threat Visualizer within your own environment. It allows organizations to understand why some of the world’s leading companies are relying on Darktrace to gain unprecedented visibility into their networks and detect emerging cyber threats within their systems in real time – before they develop into damaging incidents. Our experienced team will install a Darktrace appliance within your environment in just one day, and give you access to our groundbreaking Threat Visualizer interface. During the POV, you will also receive detailed updates on what we find, produced by our world-leading cyber analysts.
Why do a POV?
Achieve Global Visibility
Today’s networks are large, busy and complex, making it very difficult to work out what is going on, where and how, at all times. Darktrace uniquely models, maps and visualizes your entire network, down to device and user level, giving you a unique and intuitive overview of what is going on within your organization.
- See what your network and interactions really look like
- Have the ability to ‘zoom in’ on parts of your infrastructure, by network, device or user
- Understand your own organization better than your adversaries do
Detect Threats That You Did Not Know Existed
Darktrace’s unique immune system approach is powered by fundamental machine learning and probabilistic mathematics. It does not rely on signatures, rules or a priori knowledge of threats or your environment. The technology constantly learns what is ‘normal’ activity in your environment, correlating multiple weak indicators in order to form an accurate understanding of normal and abnormal behavior.
- Find anomalies and threats that you did not know existed – Darktrace’s machine learning and mathematical approach works from day one, and is constantly learning in order to detect unusual behaviors, without any a priori knowledge
- Understand what your top security priorities are – Darktrace lets you see and act on the top threats to your organization, without getting distracted by the noise of the network
- Take timely action to minimize risks to your organization and curb malicious or harmful behaviors
Threat Intelligence Reports
A Darktrace POV includes three weekly Threat Intelligence Reports that will explain and detail the most salient anomalies that the Enterprise Immune System finds, as determined by our expert analysts. Darktrace employs some of the world’s leading cyber intelligence and security professionals. Our cyber threat analysts typically have strong government intelligence backgrounds, from the NSA, GCHQ, MI5 and other intelligence agencies, with unprecedented, real-world experience of encountering and defending against some of the most persistent and pernicious cyber threats and attackers.
- Benefit from the expert analysis of the world’s leading cyber threat analysts
- Collaborate directly with our analysts to understand the unique findings of the Darktrace appliance
- Receive weekly Threat Intelligence Reports from the second week onwards, providing tailored analysis of your environment’s top threats based on the investigations of our lead cyber analysts
- Get expert advice on threat remediation in response to the anomalies detected
How does it work?
Installation of the Darktrace Appliance
A single Darktrace appliance can be installed in 1-2 hours or less, and uses up to 2U of rack space.
Passive Data Collection
Darktrace uses raw network traffic in order to get maximum visibility of your network and to model your enterprise, devices and users to a high degree of accuracy. Data is passively collected using one of the following methods:
- Port spanning via your existing network equipment
- Insertion or reuse of an in-line network tap
- Access to existing repositories of network data
Data Analysis and Modeling
Darktrace immediately starts ingesting, analyzing and modeling network data. Using its unique, probabilistic and machine learning algorithms, Darktrace establishes a ‘pattern of life’ for the enterprise, as well as every individual device and user, and detects true anomalies. Over the course of the POV, this understanding is constantly refined and revised as the Enterprise Immune System incrementally learns more and more about how your organization behaves.
Resources required for success
Darktrace appliances connect back to Darktrace Central Management over a secure, encrypted channel with dual-factor authentication in order to receive new mathematical models and software updates. For managed deployments and POVs, this also enables Darktrace cyber analysts to review and tune system output. Customers maintain total control of the connection, which is initiated and maintained from the appliance and can be started, terminated or audited at any time. For the purposes of carrying out continual health checks, we request that a connection is maintained during normal business hours.
To take full advantage of the unsupervised machine learning for hosts with dynamic IP addressing, the DHCP signal from server to client must be contained in the data feed. This helps build the most granular understanding of particular machine and user behavior. For deployments beyond the Proof of Value, other forms of mapping data can be used to permit integration with many industry-standard log systems.
Privacy & legal considerations
- Data collection is passive – all collected data remains on-premises and is not uploaded to the cloud or to a Darktrace data center. Data is only accessible through the secure connection unless otherwise agreed.
- The appliance does not affect network and business operations
- Data is securely deleted if you do not wish to proceed beyond the POV
- A shrink-wrap legal agreement is required to activate the appliance