Darktrace Cyber Security
Darktrace leverages AI to detect and respond to emerging cyberthreats in real time across the entire digital estate.
Features
- Selflearning continuously adapts, learns as you change, detects threats
- Autonomous Response understanding your digital infrastructure to only target threats
- Automated investigations AI Analyst is trained on expert human behaviors.
- Antigena Email stops phishing and other email threats
- SaaS Console visualization of threats in Microsoft365 other cloud applications
- Passive or Active asset identification based on self-learning AI
- Stops threats at the IT layer before they reach critical
- Open architecture and one-click integrations
Benefits
- Selflearning continuously adapts, learns as you change, detects threats
- Autonomous Response understanding your digital infrastructure to only target threats
- Automated investigations AI Analyst is trained on expert human behaviors.
- Antigena Email stops phishing and other email threats
- SaaS Console visualization of threats in Microsoft365 other cloud applications
- Passive or Active asset identification based on self-learning AI
- Stops threats at the IT layer before they reach critical
- Open architecture and one-click integrations
Pricing
£3 to £8 a unit a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
3 6 9 0 4 1 3 0 3 8 9 8 7 8 6
Contact
Central Networks and Technologies Ltd
John Blackburn
Telephone: 07919165280
Email: john.blackburn@centralnetworks.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 4 Hours responce SLA
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Darktrace provides remote assistance support for the Darktrace Products. In addition to the Standard
Support Services provided to all Customers, Customers have the flexibility to choose between different
Support Service Options listed below to address Customer’s specific needs.
Darktrace provides all Customers with the following Standard Support Services:
• Helpdesk
• Software Updates
• Hardware Support
Health Checks and System Diagnostics (requires Call Home to be active)" - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Dedicated Account Team and, consistently featuring Account Executive, Cyber Technologist and Customer Success Manager - complimentary on-site training sessions
Online customer portal with training materials and videos - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
If using physical appliance, full data wipe is carried out
If using cloud appliance, instance is deleted - End-of-contract process
- Access to UI terminated, data wipe occurs. If there is a physical appliance on the customer site it is returned to Darktrace
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The mobile app allows users to view and manage alerts and response actions
The web interface provides more detailed logging and analysis tools, as well as configurtaion options - Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Customer Portal
- Accessibility standards
- None or don’t know
- Description of accessibility
- N/A
- Accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
-
Pull alert, device, system data and more using HTTP GET
Append information to the UI, such as new device tags, to acknowledge breaches or to edit device labels using HTTP POST - API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
Modify model sensitivity
LDAP integration
Subnet Labelling
Autonomous Response: Passive/Human Confirmation/Fully autonomous
Scaling
- Independence of resources
- Each customer's deployment will utilise hardware and/or virtual appliances that are dedicated to that deployment. Deployment resources are not shared with other customers.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Darktrace
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Other
- Other data at rest protection approach
- Data is encrypted at rest. Darktrace appliances are encrypted via LUKS with keys stored on TPM using a 256-bit AES cipher and sha256 for key derivation. All hard drives have full disk encryption, except the boot hard drive, which contains a small unencrypted boot partition for starting up the appliance.
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
-
API
CSV
Alerting formats - Data export formats
-
- CSV
- Other
- Other data export formats
-
- JSON via API
- CEF
- LEEF
- HTTP
- Active MG
- Jira
- Email alerts
- Data import formats
-
- CSV
- Other
- Other data import formats
- Syslog log ingestion available
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
-
Using a physical master appliance, all data is stored on customers site no external storage. Using a call home functionality that enables Darktrace to run diagnostics and provide update to its own appliance. Darktrace appliance will make encrypted outbound SSH connection to DarktraceHQ. Under your control, easily disabled within appliance’s interface or blocked by other security devices
Both sides of the connection enforce the correct pre-configured keys, which are unique for customer
Connection is encrypted using AES128CTR cipher
DarktraceHQ only permits connection attempts from the customer’s nominated IP
The connection terminates in Call Home host dedicated solely to the customer - Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Weaker ciphers from the available suite are removed. SMBv3 is encrypted with AES-CCM encryption. Darktrace deploys it own products internally to monitor our networks. Firewalls are in place, IDS and IPS are implement on all network segments.
Availability and resilience
- Guaranteed availability
- High
- Approach to resilience
-
Physical appliances have redundancy in built, with multiple HDD/SSDs.
A deployment can be setup with High Availability, utilising multiple master appliances.
Cloud master appliances will utilise AWS high availability architecture - Outage reporting
-
Appliances are monitored through Darktrace NOC, to identify any hardware/software issues.
NOC alerts are distributed to contacts specified by the customer via Darktrace Customer Portal
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- LDAP integration can be configured, allowing users to authenticate with AD credentials
- Access restrictions in management interfaces and support channels
-
GUI user accounts and permissions can be controlled, and also managed by AD group.
Darktrace Customer Portal accounts can be configured as either Primary (full access), or Standard (limited access). Primary users will have control over other user accounts. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Username or password
- Other
- Description of management access authentication
-
LDAP integration can be configured, allowing users to authenticate with AD credentials
2FA is enforced for access to Darktrace Customer Portal
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI - British Standards Institue
- ISO/IEC 27001 accreditation date
- Re certified in 04/05/2022
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Darktrace, in line with its ISO 27001 certification, operates and maintains a wide array of policies and procedures such as Information security policy, Access control policy, Data destruction policy, etc.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Darktrace has a document change control program. All changes are risk assesed by approved change approvers and recorded for audit purposes
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Auto-updates enabled wherever possible. Important updates for other devices are rolled out ASAP, general updates at least
monthly. Websites protected by anti-DDoS host. Monthly internal and external vulnerability scanning." - Protective monitoring type
- Undisclosed
- Protective monitoring approach
-
Darktrace utilises its own proprietary leading IA security technology, Enterprise Immune System and Antigena Email , to learn normal ‘patterns of life’ our internal and production environments to discover
unpredictable cyber-threats, delivering complete visibility across our workforce, from cloud and collaboration tools to endpoints. Darktrace’ss SOC provides 24/7 monitoring and mitigation. Network activity is continuously monitored by the Darktrace EIS with full Antigena module enablement. AGE is also in place to monitor exchange traffic. Enterprise-grade endpoint security solutions
are deployed throughout the Darktrace fleet. Cloud environments are monitored through security modules for SaaS and Web proxy filtering is in place. - Incident management type
- Undisclosed
- Incident management approach
-
Incidents are raised to the Security Team. Business impact of the incident is assessed and if customer data is at risk, customers are notified within 24 hours. Evidence is collected and stored securely by the Security
Team and accessed only by investigators. All investigators are independent of the incident itself. A formal incident report is written to determine the root cause, this is then reviewed to determine corrective or
preventative actions
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Fighting climate change Central is committed to taking all opportunities to fight climate change by using the most efficient power sources possible and performing remote diagnostics and engineering where possible thus reducing carbon emissions. To sustain and protect the environment, we will: 1. Ensure that waste and pollution is minimised 2. Liaise with other suppliers and customers to facilitate the best possible environmental practices in the manufacturing and installation processes. 3. Discuss environmental issues regularly at the highest levels of the Company. 4. Co-operate with the appropriate authorities and technical bodies in the formation of standards and the means of compliance. 5. Regulate and improve our manufacturing processes to ensure the least practicable impact on the environment, encouraging our employees to help, and investing ahead of legislative requirements. 6. Endeavour to source products and components that can be remanufactured or recycled and have the least impact on the environment in their manufacture or use. - Covid-19 recovery
-
Covid-19 recovery
Centrals office is now fully open to employees with some choosing to work from home. We still have restrictions in place in terms of social distancing in the office however there is no longer a need to wear masks at work. We have fully recovered our systems back to pre-covid levels. - Tackling economic inequality
-
Tackling economic inequality
Central examines our supply chain to ensure that our suppliers follow a strategy of tacking economic inequality. Procurement of goods and services does not hinder progress. Within this we pay all our employees a living wage and actively encouraging suppliers to do the same, thus ensuring that our employees and our suppliers employees can afford a decent standard of living for their households. We eliminate employee discrimination and again actively encourage suppliers to do the same. We therefore take no notice of age, gender, disability, ethnicity, origin, religion or economic or other status – all have equal access to employment, training and advancement opportunities. We address employee concerns in these areas and again actively encourage suppliers to do the same. We believe that our employees are empowered to voice concerns over unequal treatment or breaches to their rights, and that such concerns are handled appropriately. - Equal opportunity
-
Equal opportunity
Central Networks and Technologies Limited (CNT) are an equal opportunities employer. We believe it is wrong to discriminate on grounds of sex, marital status, age, race, colour, religion, national origin, disability or sexual orientation. We believe that our future depends on employing staff of the highest calibre, and we should therefore recruit as widely as possible. The company will therefore provide equal opportunities in terms of recruitment, training and promotion. The company will continually monitor the effectiveness of this policy. Recruitment 1. Jobs will be open to anyone who meets the requirements. Each job will have a precise job description. All items in the job description will relate strictly to the performance of the work. Standards of English, education or qualifications higher than the job strictly requires will not be included in job descriptions. Any selection test will cover only matters relevant to the tasks to be performed. 2. All job advertisements will be free of any reference to sex, marital status, colour, religion, age, national origin or physical limitation unless this is a genuine occupational qualification. Language commonly used, but associated with the sex, e.g., ‘milkman’ will be avoided. All adverts will make clear the company is an equal opportunities employer. 3. Vacancies will be advertised in Job Centres, Careers Offices, Employment Agencies, local newspapers, and publications circulating amongst women, ethnic minorities, and people with disabilities, in order to broaden the field of possible applicants. 4. Job application forms will make it clear the company is an equal opportunities employer and will not include questions regarding marital status or dependants. - Wellbeing
-
Wellbeing
Central has a wellbeing framework which is understood company wide and applied. We encourage employees to have control over their own function. What is expected of them is clearly communicated and understood. There are a variety of roles in Central and employees can adapt them selves into roles as they see fit. We have a positive relationships between managers and employees, much as in a customer and supplier relationship. each employee is provided with assessment and supervision at least once a year. Each employee has several training events per year. The office is a safe and pleasant working environment. Central offers a good work./life balance and flexible working methods.
Pricing
- Price
- £3 to £8 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Darktrace's Proof of Value allows organisations access to the entire AI Platform to showcase the technology over a 30 day period.
- Link to free trial
- https://www.darktrace.com/en/resources/ds-pov.pdf