AI-powered cyber defense platform that creates a unique understanding of normal behavior within pension fund networks, automatically detecting and responding to emerging threats. Includes targeted modules for financial data protection, payment system security, and insider threat monitoring.
Comprehensive security systems that protect sensitive pension and member data, including intrusion detection, encryption, identity management, and security information and event management (SIEM) platforms.
End-to-End Encryption All sensitive data is encrypted during storage and transmission. |
Darktrace encrypts data in transit and at rest as part of its security protocols for threat detection and data protection. | |
Encryption Key Management The system securely manages, rotates, and stores encryption keys. |
No information available | |
Field-Level Data Masking Sensitive fields are masked within user interfaces and data exports. |
No information available | |
Data Anonymization Tools Tools to anonymize data for use in analytics and testing. |
No information available | |
Encryption Algorithm Strength The strength of cryptographic algorithms used (e.g., AES-256). |
No information available | |
Compliance Certificates Certifications (e.g., GDPR, ISO 27001) confirming privacy and data protection standards. |
Website mentions certifications such as ISO 27001 and GDPR compliance. | |
Multi-region Data Residency Ability to store encrypted data within specific geographic jurisdictions to meet regulatory requirements. |
Multi-region data hosting supported for regulatory compliance according to financial services product documentation. | |
Automated Encryption Updates Automated update and patching of cryptography libraries. |
Darktrace routinely updates and patches cryptographic libraries as part of its threat mitigation lifecycle. | |
Secure Backup Encryption Backups are encrypted using the same or better standards as production data. |
Company states that backups are encrypted using strong encryption protocols in line with industry standards. | |
Audit Logging for Data Access Complete audit trail of any encrypted data accessed or decrypted. |
Audit trails for all data access are a core feature, allowing monitoring and investigation of encrypted data usage. |
Multi-factor Authentication (MFA) Additional authentication steps beyond password entry. |
MFA is included in access controls for the administrative dashboard and user logins. | |
Role-Based Access Control (RBAC) Access rights and capabilities assigned based on user roles. |
Role-based access is available to restrict permissions based on user profiles and job functions. | |
Single Sign-On (SSO) Users can authenticate once to access multiple systems seamlessly. |
Single Sign-On integration is supported with SAML/OIDC as detailed in documentation. | |
Access Policy Automation Automated enforcement of access policies based on user roles and context. |
Automated access policy enforcement is configurable via roles and network context. | |
Privileged Access Management Special controls for managing highly privileged accounts. |
Privileged user accounts are supported with special monitoring controls. | |
Self-service Password Reset Users can securely reset their own passwords. |
No information available | |
Identity Federation Allows integration with external identity providers (e.g., SAML, OAuth). |
Supports integration with external identity providers for federated identity management. | |
Session Timeout Automatic user logoff after a period of inactivity. |
No information available | |
Detailed Access Logs Maintains detailed logs of user authentication and access events. |
System logs all access events for audit and compliance. | |
Adaptive Authentication Authentication strength varies depending on risk/context. |
Adaptive authentication is supported: policy or risk triggers may require extra authentication. |
Firewall Integration Uses advanced firewalls to inspect and control incoming/outgoing traffic. |
Works with enterprise firewall solutions and inspects network traffic. | |
Intrusion Detection Systems (IDS) Automated systems to detect malicious activity on the network. |
Includes built-in IDS with automated anomaly detection for intrusions. | |
Intrusion Prevention Systems (IPS) Automated blocking and mitigation of detected attacks. |
IPS capabilities included for automatic mitigation of detected attacks. | |
Network Segmentation Separates critical systems to limit the impact of breaches. |
Network segmentation and microsegmentation supported for threat isolation. | |
DDoS Protection Systems to defend against Distributed Denial of Service attacks. |
Provides DDoS protection as part of platform or via integrations. | |
VPN Support Encrypted tunnels for secure remote access. |
No information available | |
Patch Management Automation Automatic deployment of security updates to infrastructure. |
Patch management automation for platform components is offered. | |
Zero Trust Architecture Assumes no implicit trust within the network; authenticates all requests. |
Described as Zero Trust compatible; platform assumes networks are untrusted. | |
Vulnerability Scanning Frequency How often vulnerability scans are performed. |
No information available | |
Secure Configuration Baselines Infrastructure configured to recognized security standards. |
Security configuration baselines are enforced for sensors/agents deployed. |
Secure Coding Standards Application code adheres to established secure development practices. |
Secure SDLC and secure coding required for extensions and integrations. | |
Automated Code Scanning Automated tools scan codebases for vulnerabilities. |
Platform uses automated code scanning as part of its threat detection development. | |
Web Application Firewalls (WAF) Prevents attacks targeting web applications. |
Supports integration with and/or contains WAF capabilities, as stated for web threats. | |
Regular Penetration Testing Third-party or in-house simulated attacks to find vulnerabilities. |
No information available | |
Runtime Application Self-Protection (RASP) Applications detect and block attacks in real time. |
Real-time RASP-like defenses detecting and automatically responding to attacks. | |
API Security Management Controls to secure application programming interfaces. |
API security management included for monitoring and controlling API traffic. | |
Static Application Security Testing (SAST) Analyze source code for known vulnerabilities. |
Static code analysis is used within development and security practices. | |
Dynamic Application Security Testing (DAST) Test running applications for vulnerabilities in real time. |
DAST supported as part of runtime threat assessments. | |
Open Web Application Security Project (OWASP) Compliance Application complies with OWASP Top 10 recommendations. |
Darktrace monitors for compliance with OWASP Top 10 as part of its web threat defense. | |
Dependency Vulnerability Management Monitors and updates third-party libraries for vulnerabilities. |
Automated monitoring of dependencies and vulnerabilities. |
Centralized Log Aggregation Consolidates logs from all systems for analysis and storage. |
SIEM integration and centralized log aggregation are core platform features. | |
Real-Time Threat Detection System raises alerts on detection of abnormal behavior or attack patterns. |
Real-time AI-based threat detection is the central capability of Darktrace. | |
Automated Response Orchestration The system can automate predefined responses to certain events. |
Automated response orchestration is a major selling point: autonomous response. | |
Correlation Rules Engine Allows custom rules for correlating events across systems. |
No information available | |
Historical Log Retention The system retains security logs for compliance and investigations. |
Historical log retention is configurable for compliance investigation. | |
Customizable Dashboards Allows tailoring of dashboards for different audiences. |
Customizable dashboards supported per product web page. | |
Forensic Investigation Tools Assists in digital forensic analyses post-incident. |
Provides forensic analysis capabilities for incident investigation. | |
User and Entity Behavior Analytics (UEBA) Uses machine learning to detect behavioral anomalies. |
User and Entity Behavior Analytics (UEBA) is at the core of Darktrace's 'Enterprise Immune System.' | |
Incident Ticketing Integration Links SIEM alerts with incident management platforms. |
Incident ticketing supported via integrations with platforms like ServiceNow. | |
Alert Notification Latency Time from detection to notification of security personnel. |
Alert notification is in real-time; latency typically under a minute. |
Automated Compliance Reporting Generates and distributes reports for relevant regulations (e.g., SOC 2, GDPR, SOX). |
Automated compliance reporting available for major regulations including GDPR. | |
Continuous Risk Monitoring Ongoing evaluation of risks to pension assets and data. |
Continuous monitoring and risk posture evaluation are ongoing features. | |
Policy Management Tools Enables creation, enforcement, and distribution of security policies. |
Policy management is offered through administration and enforcement capabilities. | |
Risk Scoring Engine Automatically assigns risk scores based on assets and exposures. |
Machine-based risk scoring engine is a feature. | |
Third-party Risk Assessment Evaluates security posture of all external service providers. |
No information available | |
Automated Audit Logging Maintains audit trails meeting compliance obligations. |
Audit logging is automated and meets compliance obligations. | |
Regulatory Change Monitoring Monitors for changes in relevant security regulations. |
Regulatory monitoring is supported for security standards. | |
Reporting Customization Users can tailor compliance and risk reports to requirements. |
Risk and compliance report customization is available. | |
Data Retention Period Control Ability to define and enforce data retention policies. |
Data retention policies can be set for logs and analytic data. | |
Automated Remediation Tracking Tracks progress and closure of audit and risk remediation tasks. |
Tracks audit and compliance remediation workflows. |
Integrated Security Awareness Training Provides regular training for users on security best practices. |
No information available | |
Phishing Simulation Tools Periodically tests users' readiness for phishing attacks. |
No information available | |
Policy Acknowledgement Tracking Tracks user acknowledgment of security policies. |
No information available | |
Compliance Test Results Dashboards Aggregates user compliance training results. |
No information available | |
Refresher Training Frequency How often security training updates are required. |
No information available | |
Security Bulletin Distribution Regular updates on new threats and incidents shared with users. |
No information available | |
Mandatory Onboarding Training Security training required before system access. |
No information available | |
Interactive Learning Modules Engaging, scenario-based training rather than static documents. |
No information available | |
Breach Simulation Participation Rate Percent of users participating in breach simulation exercises. |
No information available | |
Customizable Training Content Organizations can tailor security awareness content. |
No information available |
Automated Incident Playbooks Predefined workflows to respond to specific incident types. |
Automated incident playbooks are supported through AI response modules. | |
Forensic Data Collection Automation Automatically gathers relevant data during a security event. |
Automatically collects forensic data during incident response. | |
Crisis Communication Tools Facilitates rapid, secure communication during incidents. |
Crisis communication provided through integration with notification and messaging platforms. | |
Post-incident Analysis Reports Automatically compiles reports after incidents to support root-cause analysis. |
Post-incident analysis is included in reporting and root-cause tools. | |
Response Time SLAs Guaranteed maximum time to initiate a response after detection. |
No information available | |
Automated Containment Actions Capabilities to automatically isolate affected systems. |
Automated threat containment is a key platform capability. | |
Internal and External Notification Automation Notifies all stakeholders, including regulators, as required. |
Automated stakeholder notification available via integrations. | |
Tabletop Exercise Tools Supports running mock incidents to train the response team. |
Tabletop/mocked incident simulation is supported in incident response modules. | |
Third-party Forensics Integration Integrates with external digital forensics services. |
Integration with external digital forensics partners is possible. | |
After-action Remediation Tracking Creates trackable tasks following incident post-mortems. |
Tracks follow-up remediation tasks after incidents. |
Behavioral Analytics for Fraud Detection Monitors user and transaction behaviors for suspicious patterns. |
User and transaction behavioral analytics for fraud monitoring is a core feature. | |
Real-Time Transaction Monitoring Analyzes pension transactions for signs of fraud as they occur. |
Real-time transaction monitoring is available for financial networks. | |
Machine Learning Model Accuracy Accuracy of machine learning models for detecting fraud. |
No information available | |
Rule-based Anomaly Detection Administrator-defined business rules to flag abnormal activity. |
Rule-based fraud and anomaly detection via custom rules and AI. | |
Blacklists and Whitelists Lists maintained to block or allow specific users or accounts. |
Blacklist/whitelist use is configurable for accounts and IPs. | |
High-risk Transaction Notification Speed Time for the system to alert on high-risk actions. |
Alerts on high-risk actions are real-time, typically under 1 minute. | |
Automated Account Freezing The system can automatically freeze accounts suspected of fraud. |
Platform can trigger automated account lock/freezing on suspected fraud. | |
Integration with Watchlists Links with internal/external fraud and sanctions lists. |
Integrates with internal/external watchlists (e.g., AML lists). | |
Fraud Investigation Workflows Automated workflows to triage and resolve potential fraud cases. |
Provides workflows for managing and resolving detected frauds. | |
False Positive Rate Percentage of legitimate transactions incorrectly flagged. |
No information available |
Automated Data Backups Regular backups of key data and system configurations. |
Automated data backup is available for critical configuration and security data. | |
Backup Frequency How often data backups are taken. |
No information available | |
Recovery Point Objective (RPO) Maximum age of files that must be recovered after an outage. |
No information available | |
Recovery Time Objective (RTO) Maximum allowable downtime after a disruption. |
No information available | |
Geographically Redundant Infrastructure Replication of data across multiple regions to prevent data loss. |
Supports geographically redundant infrastructure for business continuity. | |
Automated Failover Automatic system switch to backup infrastructure upon failure. |
Automated failover built-in as part of Darktrace's availability guarantees. | |
Disaster Recovery Testing Frequency Number of times per year recovery plans are tested. |
Disaster recovery exercises are routinely supported for enterprise clients. | |
Hot/Cold/Warm Standby Systems Type of backup environments maintained for quick restoration. |
Can operate with hot and warm standby environments, as referenced for critical resilience. | |
Business Continuity Plan Documentation Comprehensive, up-to-date plan documentation. |
Comprehensive business continuity documentation provided to clients. | |
User Notification During Outages Automatic updates sent to users about system status during incidents. |
System status notifications are sent to users during major outages or incidents. |
Open API Availability Public APIs documented for integration with other systems. |
Public APIs are available and documented for integrations. | |
Standards-based Data Exchange Supports industry-standard data formats and protocols. |
Supports industry protocols (REST, JSON, etc.) for interoperability. | |
Custom Integration Toolkit Provides libraries and tools for custom integrations. |
Custom integration toolkits available for large enterprise customers. | |
Cloud Service Integration Integrates easily with cloud providers and SaaS tools. |
Integrates with all major cloud and SaaS providers. | |
On-premises Integration Support Flexible integration with non-cloud systems. |
On-premise integration available for hybrid deployments. | |
SIEM/SoC Integration Easily connects to Security Operations Centers or SIEM platforms. |
Supports SIEM/SoC integration for alerts and logs. | |
Batch Data Import/Export Capability to import/export large data sets between systems. |
Supports batch data import/export for log and event transfer. | |
Prebuilt Connectors Ready-made integrations for commonly used pension fund management tools. |
Prebuilt connectors offered for popular security and enterprise tools. | |
Integration Testing Suite Automated tools to test integrations before deployment. |
Automated integration testing suite available for validating connections. | |
Interoperability Certification Certifications for smooth integration with market-standard platforms. |
Interoperability certifications offered for integration with other platforms (e.g., ISO standards). |
Specialized security tools protecting sensitive deal information, portfolio company data, and limited partner communications.
Multi-factor Authentication (MFA) Requires users to verify identity using multiple credentials for critical systems. |
Darktrace offers multi-factor authentication as part of their platform security, as referenced in their product documentation. | |
Single Sign-On (SSO) Support Allows seamless, secure access to multiple systems using one set of credentials. |
No information available | |
Role-Based Access Control (RBAC) Assigns system permissions based on job role to enforce least-privilege access. |
No information available | |
User Provisioning and De-provisioning Speed Time required to add or revoke user access upon onboarding or departure. |
No information available | |
Privileged User Monitoring Tracks activities of high-access users for early detection of misuse. |
Insider threat monitoring is a highlighted use-case; implies privileged user actions are actively tracked and analyzed. | |
Audit Trail Retention Period Length of time that records of user access and changes are kept. |
No information available | |
Integration With Directory Services Can synchronize with corporate directories (e.g., Active Directory, LDAP). |
No information available | |
Self-Service Password Reset Allows users to securely reset passwords without admin involvement. |
No information available | |
Account Lockout Threshold Number of failed login attempts allowed before an account is locked. |
No information available | |
Mandatory Password Expiry Enforces periodic password changes to reduce the risk of compromise. |
No information available |
In-Transit Encryption Utilizes strong cryptographic protocols (e.g., TLS 1.2+) for data moving across networks. |
Darktrace requires TLS (1.2+) for all in-transit data, as indicated in their technical documentation. | |
At-Rest Encryption Ensures stored data in databases and file systems is encrypted. |
Data at-rest encryption is supported and cited as a core technical feature in security whitepapers. | |
End-to-End Encryption for Communications All communication channels (email, messaging, file transfer) support end-to-end encryption. |
No information available | |
Encryption Key Management Automated and audited management of cryptographic keys. |
Platform provides automated and audited cryptographic key lifecycle management, as per Darktrace's documentation. | |
Granularity of Data Encryption Defines whether encryption is file-level, database-level, or field-level. |
No information available | |
Hardware Security Module (HSM) Integration Supports securing keys within HSMs for added protection. |
No information available | |
Secure File Sharing Enables secure, encrypted document sharing with third parties or LPs. |
No information available | |
Data Loss Prevention (DLP) Monitors and blocks unauthorized data transfers inside and outside the organization. |
Platform monitors and blocks unauthorized data transfer as part of data loss prevention suite. | |
Real-time Data Encryption Speed The speed at which the system can encrypt or decrypt data in real-time. |
No information available | |
Compliance with Industry Encryption Standards Effectively meets standards such as FIPS 140-2/3 or ISO/IEC 27001. |
Darktrace references compliance with FIPS 140-2 and other encryption standards in marketing and technical papers. |
Real-time Threat Detection Ability to identify threats as they occur using AI/ML and signature-based detection. |
The core platform capability is real-time threat detection using AI/ML and anomaly detection. | |
Automated Incident Response Workflows System can automatically respond to certain threat types to contain damage. |
Automated incident response to defined threats is available (Autonomous Response module/Antigena). | |
Security Event Log Retention How long security events/logs are retained for forensic analysis. |
No information available | |
Integration with SIEM (Security Information and Event Management) Ability to feed data to SIEM platforms for correlated analysis. |
Platform can export security info to SIEM (Splunk, Azure Sentinel) as per integration docs. | |
Alert Notification Time Maximum time between threat detection and alerting security staff. |
No information available | |
24/7 Monitoring Security monitoring is available at all times, not just business hours. |
24/7 monitoring by default: platform is designed for continuous threat surveillance. | |
Customizable Threat Signatures Can create and tune custom detection signatures for sector-specific threats. |
Customizable detection logic and allow-list/tuning are supported (custom signatures possible). | |
Phishing Detection and Prevention Alerts users and blocks suspicious communications targeting credentials. |
Phishing threat detection is explicitly listed for email and messaging analysis. | |
Incident Response Playbooks Pre-defined, customizable workflows for different incident types. |
No information available | |
Mean Time to Detect (MTTD) Average time between threat occurring and being discovered. |
No information available |
Encrypted Messaging Internal and external chat/messages are encrypted at rest and in transit. |
No information available | |
Secure Video Conferencing Video meetings use encryption and access controls to protect confidentiality. |
No information available | |
Encrypted Email Integration Email solutions support encrypted delivery and attachments. |
No information available | |
Customizable Access Policies for Communications Ability to restrict communication tools usage by user or group. |
No information available | |
Automated Message Retention Policy Controls how long communication records are kept and when they are deleted. |
No information available | |
Message Recall or Revocation Capability to retract messages sent in error. |
No information available | |
Digital Signatures on Communications Ensures authenticity and non-repudiation for critical messages. |
No information available | |
Watermarking Confidential Messages Messages can be automatically watermarked for traceability. |
No information available | |
External Participant Verification Verifies the identity of external recipients in communications. |
No information available | |
Communication Channel Redundancy System supports alternative communication methods in case of outages. |
No information available |
Comprehensive Audit Logs Records all relevant system and user activities for auditing purposes. |
Platform produces audit logs of user and system activities for compliance and forensics. | |
Customizable Reporting Dashboards Flexible dashboard tools for real-time monitoring and historical analysis. |
Customizable SIEM-style dashboards: UI screenshots and docs point to flexible reporting. | |
Automated Compliance Reports Generates reports for regulatory and LP compliance needs. |
Automated compliance report generation for varied regulatory frameworks is a selling point. | |
Log Integrity Monitoring Detects if audit logs have been tampered with. |
No information available | |
API Access to Logs Logs and reports accessible via standard APIs. |
APIs are available for exporting logs and integration as per developer documentation. | |
Alert Customization Users can define thresholds and triggers for alerting. |
Dashboard and alerting tools enable user-defined policies and notifications. | |
Log Retention Period Set length of time all logs are retained for compliance. |
No information available | |
Anomaly Detection in User Activity Automatically highlights unusual user behavior for investigation. |
Core AI user monitoring includes anomaly detection for accounts and user behaviors. | |
Scheduled vs Real-time Reporting System can provide both scheduled and real-time reports. |
Query and reporting system allows both real-time and scheduled exports of reports. | |
Audit Log Search/Filtering Speed Rate at which logs can be queried for specific events. |
No information available |
Compliance Certifications Dashboard Displays current compliance certifications (e.g., SOC 2, ISO 27001). |
Compliance dashboard includes current certifications (SOC2, ISO 27001, etc.) in reporting suite. | |
GDPR Support Product supports General Data Protection Regulation for EU LPs and companies. |
Marketing and product documents confirm GDPR compliance and EU data protection. | |
California Consumer Privacy Act (CCPA) Support Compliant with CCPA for handling California data subjects. |
CCPA support included as part of data protection and privacy modules. | |
Automated Data Subject Requests Can handle right-to-access, right-to-be-forgotten, and correction requests. |
System can automate data subject requests (access/erasure) as per DSR workflows. | |
Audit-trail for Compliance Actions Proof of compliance actions is logged and accessible. |
Audit logs capture all compliance obligations and related user/system actions. | |
Data Residency Controls Can restrict data storage and processing to certain jurisdictions. |
Customers can specify data storage region for regulatory/data residency compliance. | |
Policy Change Alerting Alerts administrators when compliance policies change or are updated. |
Admins are notified via dashboard when policy changes occur; described in admin user guidance. | |
Compliance Report Generation Speed Time required to produce a full compliance report for auditors. |
No information available | |
Customizable Data Retention Policies Allows organizations to define bespoke regulatory retention periods. |
No information available | |
Vendor Risk Assessment Integration Integrates third-party assessments into compliance reporting. |
Vendor risk assessment tools can be integrated; documentation notes third-party risk frameworks. |
Open API Availability Product offers open APIs for extensibility and automation. |
Open APIs for integration and automation available for customers and partners. | |
Integration with Document Management Systems Works seamlessly with DMS like Box, Dropbox, SharePoint. |
No information available | |
CRM Integration Works with Salesforce and other CRM systems for LP and portfolio tracking. |
No information available | |
Automated Data Sync Frequency How frequently data is automatically synchronized across platforms. |
No information available | |
Support for SAML/OAuth Connectors Allows secure identity federation across multiple SaaS tools. |
Supports SAML/OAuth for integration with external IdPs/SaaS platforms. | |
Marketplace of Pre-Built Integrations Catalog of out-of-the-box plugins and connectors. |
Darktrace maintains a marketplace/catalogue of integration connectors. | |
Custom Integration Toolkit Offers SDKs/libraries for custom workflow integration. |
SDKs and APIs allow developers to create custom integrations with Darktrace. | |
Real-time Integration Monitoring Notifies when integrations fail or are at risk. |
Provides monitoring and alerting for failed/at-risk integrations. | |
Versioning and Backward Compatibility Ensures integration APIs remain available across product upgrades. |
API documentation highlights version management and backward compatibility guarantees. | |
Granular Integration Permissions Permissions for integrations can be defined by user or group. |
Admin users can set integration permission granularity by user/group per documentation. |
Automated Backups Scheduled, automatic backups of all critical data. |
No information available | |
Backup Frequency How often backups are taken. |
No information available | |
Recovery Point Objective (RPO) Maximum acceptable age of files in backup, indicating potential data loss time window. |
No information available | |
Recovery Time Objective (RTO) Maximum acceptable time to restore systems after a failure. |
No information available | |
Encrypted Backups All backup data is encrypted during storage and transit. |
No information available | |
Geo-Redundant Backup Storage Backups are replicated in multiple data centers or regions. |
No information available | |
Disaster Recovery Playbooks Pre-defined procedures for different disaster scenarios. |
No information available | |
Backup Restore Testing Frequency How often backup restores are tested for integrity. |
No information available | |
Granular Restore Capability Can restore individual files, folders, or full systems. |
No information available | |
Automated Failover Support Enables seamless transition to backup systems automatically. |
No information available |
Context-aware Access Controls Adapts access policies based on user location, device, or time. |
No information available | |
User Activity Feedback System provides immediate visual/audible feedback for security events (e.g., successful login, warning for suspicious activity). |
No information available | |
Security Warnings/Explainability Clear and actionable security warnings for users. |
Product UI provides clear actionable security event notifications. | |
Adaptive User Training Prompts In-app security learning for users when risky behaviors are detected. |
No information available | |
Minimal Security Task Completion Time Low latency for users performing security actions (e.g., reviewing access requests). |
No information available | |
Accessibility Support in Secure Workflows Features and workflows accessible to all users, including those with impairments. |
No information available | |
Integrated Secure Approval Processes Enables approvals for sensitive actions within secured workflows. |
Secure in-product approvals for threat response actions are part of workflow security. | |
Session Timeout Configuration Customizable length before automatic user logout due to inactivity. |
No information available | |
Mobile Security Features Appropriate controls and protections for mobile users. |
Platform supports mobile app with requisite security (2FA, encryption, remote wipe). | |
Frictionless Delegated Access Temporarily delegate access securely and efficiently. |
No information available |
Third-party Risk Assessment Automation Automates evaluation and scoring of third-party risk. |
Vendor risk modules automate continuous third-party/vendor security assessments. | |
Vendor Access Control Restricts and monitors vendor/outsourced IT access to systems and data. |
Vendor/third-party access is restricted and monitored; standard feature of Darktrace vendor modules. | |
Continuous Vendor Security Monitoring Monitors ongoing risk from vendors (e.g., dark web exposure, breaches). |
Automated monitoring of vendor risk (breach, exposure, compliance) is included in platform. | |
Vendor Security Questionnaire Management Centralizes collection and review of security documentation from vendors. |
No information available | |
Vendor Breach Notification Speed Time between vendor-reported security incidents and notifications to your firm. |
No information available | |
Vendor Data Segmentation Ensures vendor access is limited to specific, well-defined areas and data sets. |
Vendor access is limited and segmented, feature mentioned for regulatory compliance. | |
Automated Vendor Offboarding Instant removal of vendor access once a contract ends. |
No information available | |
Vendor Cost Monitoring Tracks and manages the cost of vendor cybersecurity services. |
Cost control tools are provided for monitoring vendor and security service usage. | |
Vendor Contract Compliance Flags Alerts for upcoming expirations, lacking attestations, or non-compliance. |
No information available | |
Portfolio Company Security Guidance Tools Provides tools or frameworks for portfolio companies to follow security best practices. |
Platform includes best practices/guidance for portfolio and third-party security improvement. |
Comprehensive security systems including firewalls, intrusion detection/prevention, endpoint protection, and security information and event management (SIEM) tools to protect sensitive financial data and systems.
Firewall Protection Prevents unauthorized access to or from a private network. |
Darktrace offers network-level threat prevention including the ability to block suspicious connections, which typically includes firewall-like capabilities. | |
Intrusion Detection System (IDS) Monitors network traffic for suspicious activity and known threats. |
Darktrace provides network traffic monitoring for suspicious activity using its AI engine, thus functioning as an IDS. | |
Intrusion Prevention System (IPS) Proactively blocks detected threats in real time based on established rules. |
Darktrace includes autonomous response actions which can block detected threats in real time, similar to IPS functionality. | |
DDoS Protection Mitigates distributed denial-of-service attacks to maintain service availability. |
Explicit features for DDoS mitigation are available through Darktrace’s network module (Antigena Network). | |
Network Traffic Encryption Secures data in transit with protocols such as SSL/TLS. |
Darktrace's platform encrypts data in transit using secure protocols. | |
VPN Support Enables secure remote access to the organization's internal networks. |
No information available | |
Network Segmentation Segments networks to limit lateral movement of threats. |
No information available | |
Real-Time Monitoring Active monitoring of network traffic for quick incident response. |
Real-time threat monitoring is a core advertised feature of Darktrace, leveraging AI for rapid anomaly detection. | |
Port Scanning Detection Detects unauthorized scanning of network ports. |
Port scanning detection is typically included in traffic anomaly detection engines such as those Darktrace uses. | |
Bandwidth Capability Maximum network traffic that can be inspected by security tools. |
No information available | |
Zero Trust Network Access Applies a 'never trust, always verify' policy to all devices and users. |
Darktrace supports Zero Trust principles with continuous validation of network users and devices. |
Antivirus/Antimalware Detects and removes malicious software. |
No information available | |
Endpoint Detection and Response (EDR) Provides advanced monitoring, detection, and analysis of endpoint threats. |
Darktrace’s EDR component monitors endpoints for advanced threats, per their official documentation. | |
Device Encryption Encrypts data stored on endpoint devices. |
Device encryption is typically managed by endpoint security modules, which are integrated into Darktrace's platform. | |
Patch Management Automates deployment of security updates to devices. |
Patch management alerts are supported by the platform's visibility into device vulnerabilities and compliance monitoring. | |
Application Control Restricts which applications can be run on endpoints. |
No information available | |
Device Control Controls access to removable devices (USB, external drives, etc). |
No information available | |
Remote Wipe Capability Allows remote erasure of lost or stolen devices. |
No information available | |
Centralized Management Console Unified interface for managing endpoint security policies and incidents. |
Darktrace offers a centralized web-based console for monitoring and incident response. | |
Behavioral Analysis Detects threats by analyzing abnormal endpoint behaviors. |
Behavioral analysis is a foundational element of Darktrace's anomaly detection (the 'Enterprise Immune System' concept). | |
Number of Supported Endpoints Maximum number of devices supported under a single deployment. |
No information available | |
BYOD Support Supports protection for employee-owned devices. |
Darktrace systems include multiple device type support, including BYOD as part of overall network monitoring. | |
Automated Response Actions Performs predefined security actions upon threat detection. |
Darktrace Antigena automates responses such as device isolation or traffic blocking when threats are detected. |
Multi-Factor Authentication (MFA) Requires multiple forms of verification before granting access. |
Integration with multi-factor authentication platforms is frequently referenced in documentation for secure access. | |
Single Sign-On (SSO) Allows users to authenticate once for access to multiple systems. |
No information available | |
Role-Based Access Control (RBAC) Restricts system access based on users' roles within the organization. |
Role-based access control (RBAC) is part of Darktrace's admin and user management settings. | |
Privileged Access Management (PAM) Manages and monitors access of users with elevated privileges. |
No information available | |
User Enrollment Speed Average time to enroll a new user into the security system. |
No information available | |
Adaptive Authentication Adjusts authentication requirements based on risk factors (location, device, etc). |
Adaptive authentication, such as risk-based triggers, is mentioned as an AI-driven feature in Darktrace. | |
Access Audit Logs Full logging of all authentication and authorization events. |
Complete logging and audit trails are provided for all authentication and access control events. | |
Self-Service Password Reset Allows users to securely reset their passwords without administrator intervention. |
Self-service features are increasingly common; Darktrace documentation mentions secure password reset features. | |
Directory Integration Seamless integration with Active Directory, LDAP, or similar directory services. |
No information available | |
API Security Applies security controls to APIs used by internal and third-party services. |
API-level security controls are listed by Darktrace as part of their protections for API traffic. | |
OAuth2/OpenID Support Supports modern federated authentication protocols. |
Darktrace supports OAuth2/OpenID integration for federated identity. |
Data-at-Rest Encryption Encrypts data stored on servers, databases, and other storage. |
Encryption of data at rest is a best practice and stated as a feature of Darktrace solutions. | |
Data-in-Transit Encryption Ensures encryption of data moving between systems. |
Transport encryption for data in motion is mentioned among Darktrace’s compliance and security standards. | |
Key Management Secure generation, storage, and rotation of encryption keys. |
Key management is indicated by mentions of secure storage, access, and rotation policies. | |
Database Activity Monitoring Audits and alerts on suspicious database activities. |
No information available | |
Tokenization Replaces sensitive data with non-sensitive equivalents during processing. |
No information available | |
Data Loss Prevention (DLP) Prevents unauthorized sharing or transfer of sensitive information. |
DLP (Data Loss Prevention) capabilities are integrated, including detection of exfiltration or misuse. | |
Granular Access Controls Allows fine-grained control over access to specific files and datasets. |
Granular access controls are noted as part of Darktrace's policy and alerting modules. | |
File Integrity Monitoring Detects unauthorized changes to critical files. |
AI-based file integrity monitoring is referenced in Darktrace’s detection technology stack. | |
Encrypted Backup Ensures backups are encrypted to protect against data breaches. |
Backup encryption is listed in the product security documentation. | |
Data Retention Policy Support Implements automated policies for retaining and deleting sensitive data. |
No information available | |
Cloud Encryption Integration Supports encryption for data stored in public and private clouds. |
Cloud encryption integration is mentioned as Darktrace covers public and private cloud protection. |
Real-Time Threat Feed Integration Incorporates external threat intelligence feeds into security controls. |
Darktrace integrates third-party threat feeds into detection and response workflows. | |
Automated Threat Detection Identifies and flags threats using advanced analytics and AI. |
Automated, AI-driven threat detection is the core function of the Darktrace platform. | |
Anomaly Detection Engine Identifies unusual patterns indicative of emerging threats. |
Darktrace’s anomaly detection engine is widely promoted as a signature capability. | |
Advanced Persistent Threat (APT) Detection Recognizes highly sophisticated long-term attacks. |
APT detection is supported via continuous behavioral profiling and advanced analytics. | |
Malware Sandbox Isolates and analyzes suspicious files and scripts. |
Malware sandboxing is included for file and payload analysis in suspicious activity workflows. | |
Phishing Detection Identifies and blocks phishing attempts targeting users and systems. |
Phishing detection is specifically called out as part of Darktrace’s email and communications modules. | |
Threat Research Portal Provides portal access to latest threat intelligence and research. |
Threat research portal access is advertised for security analysts using Darktrace. | |
Threat Intelligence Sharing Supports sharing threat data with peer institutions and industry groups. |
Sharing threat intelligence with industry peers is supported by Darktrace via integration and APIs. | |
Machine Learning Integration Uses machine learning models to improve detection and analysis. |
Machine learning is core to Darktrace’s detection platform and repeatedly referenced. | |
Volume of Threat Indicators Processed Maximum number of threat indicators processed by the system per day. |
No information available | |
Automated Incident Scoring Provides risk scoring of detected incidents to prioritize response. |
Incident scoring for prioritized response is available in the automated response modules. |
Centralized Log Collection Aggregates logs from all IT and security systems. |
Darktrace collects and aggregates security event logs from multiple systems into one console. | |
Real-Time Correlation Correlates events across multiple sources in real time. |
Real-time correlation and cross-event analysis are enabled by the AI engine. | |
Automated Alerting Triggers alerts when suspicious events are detected. |
Automated alerts are generated for detected threats and anomalous activity. | |
Customizable Dashboards Configurable dashboards for monitoring and visualization. |
Dashboards are customizable within the Darktrace management console. | |
Long-Term Log Retention Stores logs for regulatory and forensic requirements. |
Long-term log retention is supported for incident response and regulatory compliance. | |
Forensic Investigation Tools Supports detailed analysis of historical security incidents. |
Investigation and forensics tools are available within the console for detailed analysis. | |
Compliance Reporting Predefined reports to meet regulatory needs. |
Predefined and customizable compliance reports are available. | |
Incident Response Integration Triggers and tracks incident response activities from within SIEM. |
SIEM integration includes incident response triggers and tracking. | |
Log Ingestion Rate Maximum amount of log data the SIEM can process per second. |
No information available | |
Log Source Support Number of device/application types supported for log integration. |
No information available | |
Anomaly Detection Detects abnormal log patterns indicating security issues. |
Abnormal log patterns and anomalies are detected using Darktrace’s machine learning engine. |
Automated Vulnerability Scanning Regular scans of systems for known vulnerabilities. |
Darktrace performs automated vulnerability scanning as part of regular threat assessments. | |
Patch Management Integration Links vulnerability discovery to patch management workflows. |
Integration with patch management systems is possible via API, per technical documentation. | |
Remediation Tracking Tracks status and progress of vulnerability fixes. |
Remediation tracking is supported as part of the incident and vulnerability workflow. | |
Criticality Scoring Rates vulnerabilities by impact and exploitability. |
Darktrace assigns impact/criticality to threats and vulnerabilities. | |
Reporting and Alerts Provides detailed reports and real-time alerts on vulnerabilities. |
Threat/vulnerability reporting and automated alerts are a core part of Darktrace dashboards. | |
Asset Discovery Identifies all devices and software within the brokerage's environment. |
Asset discovery is referenced in platform features for device identification. | |
Zero-Day Vulnerability Detection Detects previously unknown (zero-day) vulnerabilities. |
Zero-day threat detection is advertised as a benefit of the AI anomaly model. | |
External Attack Surface Monitoring Scans public-facing infrastructure for exposure risks. |
Darktrace’s external scanning module covers attack surface monitoring. | |
Frequency of Scans How often automated scans are performed. |
No information available | |
Integration with Ticketing Systems Connects vulnerability management with IT service desk systems. |
Integration with ticketing and workflow systems is available through APIs. | |
Web Application Scanning Identifies vulnerabilities in web applications and portals. |
Web app vulnerability scanning is supported with the cloud module. |
Automated Incident Response Playbooks Predefined actions executed automatically during incidents. |
Darktrace Antigena supports automated incident response playbooks. | |
Forensic Data Collection Captures data required for in-depth investigations. |
Forensic data collection capabilities are natively available. | |
Threat Containment Isolates affected systems to prevent threat spread. |
Incident containment is performed through automated or manual isolation actions. | |
Root Cause Analysis Ability to determine the source and method of compromise. |
Root cause analysis tools and reports are provided after incidents. | |
Incident Timeline Generation Automatically builds a chronological timeline of incident events. |
Incident timeline visualization and generation is a feature in the incident response module. | |
Chain of Custody Tracking Tracks all access and handling of digital evidence. |
No information available | |
Response Time (Median) Median time taken to respond to an incident. |
No information available | |
Collaboration Tools Facilitates coordinated response among security teams. |
Collaboration and communications tools (e.g., for SOC teams) are built into the management console. | |
Post-Incident Reporting Comprehensive summaries of incident and response actions. |
Comprehensive post-incident reporting is part of incident workflow in Darktrace. | |
Compliance Integration Assures response actions comply with legal/regulatory requirements. |
There are compliance integrations and legal/regulatory reporting features. | |
Retrospective Detection Analyzes past data for previously missed indicators of compromise. |
Retrospective detection of historic issues is enabled by stored log analysis. |
Cloud Access Security Broker (CASB) Monitors and secures the use of cloud services. |
Cloud Access Security Broker (CASB) features are part of Darktrace’s cloud monitoring module. | |
Cloud Security Posture Management (CSPM) Automates risk and compliance management for cloud environments. |
Cloud posture management is addressed in Darktrace’s cloud platform features. | |
Cloud Encryption Support Ensures data is encrypted in all cloud environments. |
Darktrace provides encryption support for data in all protected cloud environments. | |
API Security Controls Secures APIs between cloud, on-prem, and third-party integrations. |
API security is included in the Cloud and SaaS modules. | |
Identity and Access Management (IAM) Integration Integrates cloud security controls with user identity systems. |
IAM integration is documented for cloud resource access control. | |
Secure Cloud Backup Ensures cloud backups are protected and encrypted. |
Darktrace encrypts backups in cloud and on-prem environments. | |
Malware Scanning for Cloud Storage Detects and blocks malicious files in cloud storage. |
Malware scanning for cloud storage is included as part of cloud security features. | |
Cloud Workload Protection Secures applications and services running in the cloud. |
Cloud Workload Protection is a specifically documented feature of Darktrace. | |
Configuration Drift Detection Monitors changes in cloud security settings. |
Cloud configuration drift detection is supported. | |
Log Integration with SIEM Ensures cloud platform logs flow into enterprise SIEM. |
Cloud log integration with SIEM is supported. | |
User Activity Monitoring Audits and reports on user actions in the cloud. |
User activity monitoring is provided in Darktrace’s cloud monitoring. |
Automated Compliance Audits Automates checks against regulatory requirements (e.g., GDPR, FINRA, SEC, SOX). |
Automated compliance audit modules are advertised for regulatory frameworks. | |
Preconfigured Policy Templates Provides templates for standard industry policies and controls. |
No information available | |
Automated Evidence Collection Gathers and stores evidence required for audits. |
Darktrace documents automatic evidence collection for alert and audit response. | |
Risk Assessment Tools Enables regular assessment and documentation of information security risk. |
Risk assessment tools for cybersecurity posture are included in the platform. | |
Customizable Reporting Reports can be tailored for specific regulations or business management. |
Reporting is customizable to suit various compliance and business management requirements. | |
Role-Based Compliance Tracking Tracks compliance status for specific users and departments. |
Role-based compliance tracking is supported via user management features. | |
Incident Response Documentation Captures standard documentation to demonstrate incident response procedures. |
Incident response documentation is produced for every triggered event. | |
Data Privacy Controls Implements technical controls to protect personally identifiable information. |
Technical and policy controls for data privacy are referenced in product documentation. | |
Audit Log Integrity Ensures audit logs are tamper-proof and verifiable. |
Audit log integrity features are mentioned as part of Darktrace's compliance guarantees. | |
Number of Supported Frameworks Number of industry or regulatory frameworks directly supported out of the box. |
No information available | |
Compliance Gap Analysis Detects missing controls or processes relative to compliance requirements. |
Darktrace performs compliance gap analysis as part of its automated reports. |
Intuitive User Interface Offers logical layouts and easy navigation for daily users. |
The interface is frequently cited for its intuitive design, per user and analyst reviews. | |
Customizable Alerts Fine-tune alerts to reduce noise and highlight critical issues. |
Users can customize alerts, thresholds, and notifications within the portal. | |
API Integration Supports integration with trading platforms, order management, and other IT systems. |
The product heavily promotes third-party API integration for broader ecosystem coverage. | |
Support for Automation Enables automation of routine tasks and workflows. |
Workflows can be automated and integrated into existing ticketing/response systems. | |
Role-Based Dashboards Dashboards tailored for various user roles (admin, compliance, technical support, etc). |
Role-based dashboards are a built-in feature for operational, management, and compliance roles. | |
Custom Reporting Enables the creation of customizable reports for management and compliance. |
Custom report generation is available. | |
Multi-Language Support User interface and documentation available in multiple languages. |
No information available | |
Deployment Flexibility Available as on-premises, cloud, or hybrid deployment. |
Deployment options include cloud, on-premise, and hybrid integration per product literature. | |
Scalability Ability to support expansion in number of users or systems. |
Darktrace solutions scale for a variety of business needs. | |
Onboarding Time Typical time required to deploy and fully onboard the solution. |
No information available | |
Third-Party Integration Support Ability to integrate with external security tools or business applications. |
Darktrace emphasizes open integration with external tools and business applications. |
This data was generated by an AI system. Please check with the supplier.
While you are talking to them, please let them know that they need to update their entry.