CUSTOMER BRIEF
Darktrace Inoculation
Boosting Your Immunity
Darktrace identifies thousands of cyber-threats on networks
worldwide in real time. Powered by unsupervised machine
learning, the Enterprise Immune System detects abnormal
activity amid the normal ebb and flow of network
communications, including novel attacks and insider
threats that have no precedent.
While the Enterprise Immune System is self-learning and
can detect threats that have never been seen before, an
organization’s immunity can also be boosted by knowledge
of high-severity threats that have been identified elsewhere
across the global Darktrace Community.
Darktrace Inoculation delivers this boost to your immunity,
enabling customers to benefit from insights from
thousands of networks worldwide, and preemptively
protecting against threats that have not yet hit your
systems and infrastructure.
Darktrace Inoculation helps us preemptively
defend ourselves and fight back against
threats even faster than before.
Jimmy Gelhaar, Director of IT,
Metropolitan Pathologists
Preemptive Protection
Darktrace Inoculation is an opt-in service, which by default
is turned off.
Opting in to the service allows you to share and receive
intelligence about unique threats discovered across
the Darktrace Community. Mathematical models are
automatically generated based on the observations of high-
severity cyber-threats, allowing Darktrace to protect against
brand new threats even faster, regardless of how weak the
signals might be within your system.
In the event of a new attack, Darktrace Inoculation’s
mathematical models are shared within seconds. No private
data from the originating incident is shared, nor can the
identity of the originating community member be reversed or
discovered from the model.
While the capability of Darktrace Inoculation serves as a
boost to your overall immunity, Darktrace’s award-winning
ability to recognize new threats through its machine learning
is unaffected and still operates as before. Darktrace Antigena,
the autonomous response capability, can also take action on
Inoculation threats.
Get Started
Opting in is easy. Simply log in to the Darktrace Customer
Portal and click Darktrace Inoculation on the homepage.
If you do not yet have an account, register here.
For more information, please contact Darktrace Customer
Support.
Use Case: Inoculation in Action Inoculation and Privacy
Let’s see how this works in practice. A sophisticated attacker When a customer has opted in, Darktrace will use a
has compromised a medical device in a hospital in Latin combination of the following indicators to build the
America. The Enterprise Immune System (a local Darktrace Inoculation model from an infected customer. These
deployment) has discovered the attacker command and indicators do not contain any personal data and are
control channel by identifying the communications as a anonymized and encrypted when sent to Darktrace from a
change in the device’s profile. The attack is flagged to the local community member.
security team.
• External domains
Due to the high scoring alert, Darktrace Inoculation • External IP
is automatically alerted to a possible ‘patient zero’ in • ASN
Latin America, where the organization has been hit by a • URI Strings
communicable virus. • Beaconing Frequency
• Hashes (Ja3, Sha1,MD5)
Powered by supervised machine learning, Darktrace • Strength of Score
Inoculation analyzes the features of the attack, such as IP • Date and time stamps
addresses, domain names, and URLs, and determines the • Destination Ports
likelihood that this incident is the first sign of a new and • User Agent Strings
active criminal campaign or high-severity threat. • Destination Rarity Score

When Darktrace’s supervised learning algorithms decide These indicators are run through Darktrace’s supervised
that the features strongly point to malicious activity, Darktrace machine learning algorithm and developed into binary,
Inoculation automatically generates mathematical models mathematical models that are distributed to other
that pinpoint the attack activity and opted in customers customers who have opted in. The distributed Inoculation
are instantly alerted via the Threat Visualizer if a match is models are not human readable.
discovered. These rich models not only check signs of that
activity within the environment retrospectively, but are also
added to the Watch List, protecting against that cyber-attack
in the future as well.

In this way, the insights following the compromise of a single Darktrace uses AI to spot patterns and
hospital medical device in Latin America are shared in
prevent cyber-crimes before they occur.
order to preemptively protect customers worldwide from
a malicious attack campaign, while boosting their local Gartner
Enterprise Immune Systems in the process.

About Darktrace Contact Us

Darktrace is the world’s leading AI company for cyber security. Created by mathematicians, the Enterprise North America: +1 (415) 229 9100
Immune System uses machine learning and AI algorithms to detect and respond to cyber-threats across
diverse digital environments, including cloud and virtualized networks, IoT and industrial control systems. Latin America: +55 11 97242 2011
The technology is self-learning and requires no set-up, identifying threats in real time, including zero-days, Europe: +44 (0) 1223 394 100
insiders and stealthy, silent attackers. Darktrace is headquartered in San Francisco and Cambridge, UK,
and has over 30 offices worldwide. Asia-Pacific: +65 6804 5010

[email protected]

darktrace.com

Darktrace © Copyright 2018 Darktrace Limited. All rights reserved. Darktrace is a registered trademark of Darktrace Limited. Enterprise Immune System, and Threat Visualizer
are unregistered trademarks of Darktrace Limited. Other trademarks included herein are the property of their respective owners.