A Darktrace FAQ with Miles Brinkley
Miles Brinkley travels extensively, engaging cybersecurity professionals and C-level executives in their data centers and serving as the headline speaker at countless cybersecurity speaking engagements. We recently sat down with Miles and asked him to share the most frequent question he is asked about Darktrace.
Q: How do you avoid false positives? If you don’t use rules or signatures or outright determine what’s good or bad behavior in the network, how can I be sure you won’t just flag innocuous activity and disrupt me with harmless alerts all day?
A: This is a good question and one that I am often asked. Darktrace’s machine learning and AI avoid false positives on the principles of just that—it doesn’t actively “look” for anything good or bad, or use rules or signatures to predict what’s coming. It simply learns your network activity—every user, device, and IP—and determines what is anomalous as opposed to what is normal activity. In the beginning learning period of your network, you may experience a bit more “white noise”—small statistical deviations from normal and subsequent alerts, but this only lasts for a few weeks to a month at most. The machine learning will quickly learn your network and cluster like devices, servers, and IPs based on daily functions and traffic patterns, and will continue to grow and scale with the network. Thus, the white noise will quickly disappear, and all alerts you receive, big or small, will be worthy of investigation and substantive. It’s consistent with the enhanced visibility the AI provides into your network.
In the same way, the autonomous response (Antigena)’s AI intelligence will not affect or disrupt your network chasing white noise alerts. It is intelligent enough to only take action on items that cross a reasonably significant threshold score, which you can set and edit yourself within the UI.
About Darktrace: Darktrace is the world’s leading AI company for cyber defense. With thousands of customers worldwide, the Enterprise Immune System is relied on to detect and fight back against cyber-attacks in real time. The self-learning AI protects the cloud, SaaS, corporate networks, IoT and industrial systems against cyber-threats and vulnerabilities, from insider threats and ransomware to stealthy and silent attacks. Darktrace has over 800 employees and 40 offices worldwide. It is headquartered in San Francisco and Cambridge, UK.
Contact us to learn more about the free 30-day trial
In 95% of organizations, Darktrace finds genuine cyber-threats that others have missed, from insider threat to IoT hacks, malware and misconfigurations to data leakage and unusual behaviors.
During a 30-day trial, Darktrace software will discover what’s lurking inside your organization.
1-hour installation by your dedicated Darktrace Cyber Technologist
Bespoke threat reports for executives