Darktrace Enterprise Immune System: IDPS Product Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See our complete list of top Intrusion Detection and Prevention Systems.

Company Description

Darktrace was founded in Cambridge, UK, in 2013 by mathematicians and machine learning specialists from the University of Cambridge, together with world-intelligence experts from MI5 and GCHQ. The goal was to detect emerging cyber threats to proactively defend against in-progress cyber attacks. The company has raised over $175 million in funding from investors and is headquartered in Cambridge, UK, and San Francisco, with offices around the world.

Note that Darktrace does not consider itself an IPS or IDPS solution, and Gartner agrees that the company does not fit that category. However, the analyst firm named it a vendor to watch for this area of the market.

Product Description

The Darktrace Enterprise Immune System is machine learning technology for cyber defense. Inspired by the self-learning intelligence of the human immune system, this new class of technology is said to enable a fundamental shift in the way organizations defend themselves, amid a new era of sophisticated and pervasive cyber-threats. Powered by machine learning and AI algorithms, it iteratively learns a unique “pattern of life” (“self”) for every device and user on a network, and correlates these insights in order to spot emerging threats that would otherwise go unnoticed.

Like the human immune system, the Enterprise Immune System does not require previous experience of a threat or pattern of activity in order to understand that it is potentially threatening. It works automatically, without prior knowledge or signatures, detecting and fighting back against subtle, stealthy attacks inside the network in real time.

In its IDPS Magic Quadrant, Gartner said Darktrace deploys like existing IDS technology, “but then uses a number of existing and its own custom-developed algorithms and analytics to build a mathematical model of users and entities on a network, looking for outliers that are turned into alerts for analysts to then investigate. … This approach is innovative because it helps deal with a number of pressing issues in the network security market as the technology addresses alert fatigue by generating significantly less alerts for analysts to triage.”

The technology can also detect active threats on the inside of a network, but, because there is no “known threat” capability, it does not rapidly detect existing known threats, Gartner added.

Markets and Use Cases

Large enterprise sites across all verticals.


The Darktrace vSensor extracts only the relevant metadata using the Darkflow system, sending 1% of the original raw network traffic ingested onto the master appliance wherever it is located on the physical network.


Darktrace is powered by unsupervised machine learning, which is capable of learning what is normal and what is abnormal inside a network on an evolving basis, without using training data or customized models. This allows it to detect cyber-attacks that may not have been observed before, the “unknown unknowns.”


Hardware appliance and software




Not disclosed

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis