“Darktrace has no competition, only partnerships”

Cybersecurity needs to get smarter. AI plays an important role in this. At Darktrace, they are tackling this challenge in their very own way, we hear from the company. How exactly? You can read about that in this article.

The quote in the title pretty much sums up how Darktrace sees itself. It considers itself to be a player that approaches cybersecurity from a completely different perspective than other companies in this segment. Hence SVP Cyber Innovation Pieter Jansen’s claim that Darktrace has no competition. We always like statements like that, provided the facts support them, of course. As it turns out, they appear to do just that. We will come back to this later in the article.

Pieter Jansen was the founder (in 2015) and CEO of Cybersprint. That company specialized in Attack Surface Management. It has been part of Darktrace since last year. There, it is part of the company’s Prevent offering. In addition, Darktrace also has Detect, Respond and Heal. In other words, it has something to offer for all stages of an attack.

AI company with strong focus on security

Darktrace clearly is a cybersecurity company. First and foremost, however, it is also an AI company. So it is an AI company with a strong focus on security, Jansen points out. That sounds like a marketing statement to our ears. What Jansen means by it, however, is that AI is at the foundation of the entire company. If the founders had wanted it in 2013, they could have built another kind of company around it, so to speak. Hence, he regularly refers to it as Cyber AI, or AI suitable for cybersecurity purposes.

This distinction may seem unimportant. However, it certainly is not, Jansen points out. Rather, it is fundamental. He draws a comparison with how most other cybersecurity players deploy AI. After all, those players are coming into the AI world from cybersecurity. “Often these have started working on it within the last five years, and often they come from a specific part of the cybersecurity world,” he continues. As an example of such a world, you can think of network security, but there are countless other cybersecurity subfields in which there are specialists who in time have also started using AI.

Darktrace does not come from a specific corner of the security market because that is simply not the order in which that company operates. Self-learning AI comes first, then comes the specific application.

Rethinking the issue: attackers aren’t the starting point, organizations are

Darktrace was working on self-learning AI very early on, Jansen points out. Much earlier than security players who are currently doing well in the market with their AI capabilities. Not only that, Darktrace – partly because of its different approach – chose a different way to protect organizations. Where many other security players focus on the attacks and attackers, Darktrace looks at the organization.

If you put the organization – and not the attacks and attackers – at the center, then you can protect it much more effectively. That is at least the idea behind Darktrace’s strategy. Using its AI models, it is possible to generate a baseline for each organization of what it means for that organization to be secure. This baseline is updated in real time based on changes in the business. You can’t achieve this easily when you focus on attacks and attackers. Tools that do that typically protect organizations primarily against known and existing attacks, or new attacks that closely resemble existing attacks. That’s not enough to be truly secure.

So what Darktrace does is about establishing a baseline, or identifying normal traffic patterns. Abnormalities in those normal patterns are immediately noticed, after which something can be done about them (automated or otherwise). This is not a single baseline per organization, by the way; there may be thousands per organization. Not everyone has the same privileges and works in the same department, so there is no reason to assume that traffic patterns are the same for different employees.
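
A simplified illustration of why many baselines per organization matter, added here as an example; it is not Darktrace's code or model. A plain running z-score stands in for the vendor's self-learning AI, and the entity names, traffic figures and threshold are constructed for the demonstration.

```python
import math
from collections import defaultdict

class Baseline:
    """Running mean/variance (Welford), updated one observation at a time.
    A z-score is an assumed stand-in here, not the vendor's model."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)

    def zscore(self, x):
        if self.n < 5:               # too little history to judge
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1))
        return abs(x - self.mean) / max(std, 1e-9)

def detect(events, key, threshold=4.0):
    """Score each event against the baseline chosen by key(event), then learn from it."""
    baselines, flagged = defaultdict(Baseline), []
    for ev in events:
        b = baselines[key(ev)]
        if b.zscore(ev[1]) > threshold:
            flagged.append(ev)       # anomalous: report it, do not learn from it
        else:
            b.update(ev[1])          # normal: the baseline keeps adapting
    return flagged

# Constructed sample: (entity, outbound MB per hour)
EVENTS = []
for i in range(10):
    EVENTS.append(("hr-clerk", 18 + i % 5))
    EVENTS.append(("backup-svc", 4900 + 40 * (i % 5)))
EVENTS.append(("hr-clerk", 900))     # far outside this user's own pattern
EVENTS.append(("backup-svc", 5000))  # normal for this service

def per_entity():
    return detect(EVENTS, key=lambda ev: ev[0])

def org_wide():
    return detect(EVENTS, key=lambda ev: "org")

if __name__ == "__main__":
    print("per-entity baselines flag:", per_entity())
    print("single org baseline flags:", org_wide())
```

The 900 MB transfer is unremarkable against one organization-wide baseline, because the backup service routinely moves far more, but it stands out against the clerk's own history.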

Suitable for all organizations

It’s clear to us by now that Darktrace takes a pretty different approach than the bulk of the security market. The only story we’ve heard recently that is somewhat similar is from ExtraHop. That company also talks about establishing normal patterns within organizations. However, that is focused only on the network, or NDR. That’s also where it started for Darktrace, by the way, but it is now also strong and successful with this approach in the area of email security, we hear from Jansen. In these two areas, they get the highest peer reviews at Gartner.

Darktrace is basically easy to fit into an organization’s security stack. That is, in principle, it can add value at all organizations, “from organizations that have nothing in place to organizations that already have a lot in place,” according to Jansen. That it works well in both greenfield and brownfield has to do with the differences between basic and advanced functionality, according to him. If you don’t have anything in place yet, you take the whole platform from Darktrace. If you already have a lot of security tooling in place, Darktrace can always go that little bit deeper to secure the organization as a whole even better.

Extra layer of protection against targeted attacks

At this point the question arises as to whether Darktrace is there to replace existing tooling, or to add an extra layer. According to Jansen, it is mainly the latter: “We are actually very relevant for defense in depth, not so much as a replacement.” In other words, Darktrace is very good at preventing/detecting highly specialized attacks precisely because of the many baselines it has within organizations. Jansen cites Microsoft as an example. That company’s tools are good for basic security, but Darktrace is much better at things like microresponses. Jansen also points in this regard to a blog from 2021 in which Microsoft explicitly recommends taking Darktrace. Darktrace itself has also created an extensive web page about the collaboration between the two companies.

“There are companies that know a little bit about every organization, but we know everything about your organization,” Jansen summarizes Darktrace’s added value for organizations. That may sound a bit frightening, but it is not meant that way. The fact that Darktrace’s models know everything about an organization actually makes it possible to repel those specialized attacks. Hence the quote from the title about the lack of competition for Darktrace. Yet with this, Jansen also clearly indicates that Darktrace’s added value is primarily the extra layer of protection, especially against targeted attacks.

On the one hand, having a “unique” position in a market is, of course, nice and certainly very clever. Especially in the security market, where there are now some 3,500 vendors. However, it also means that it is sometimes difficult to place Darktrace in that market. In that respect, it is good for Darktrace that Gartner has now started looking at a Cyber AI category. That’s already helping quite a bit. Of course, the (positive) peer reviews posted there are also very nice to have for the company. Finally, the partnerships Darktrace has with all the major players in the market are a good way to get attention. The company also works with integrators and MSPs, many of whom have now included Darktrace as an integral part of their stack, we hear from Jansen.

All in all, Darktrace plays it pretty smart this way. With this approach, it manages to get and stay on the radar of potential customers despite a non-trivial story, not to mention the need for what Darktrace can add to the layered security approach that is essential these days.
