Darktrace Enterprise Immune System: IDPS Product Overview and Analysis

See our complete list of top Intrusion Detection and Prevention Systems.

Company Description

Darktrace was founded in Cambridge, UK, in 2013 by mathematicians and machine learning specialists from the University of Cambridge, together with world-intelligence experts from MI5 and GCHQ. The goal was to detect emerging cyber threats to proactively defend against in-progress cyber attacks. The company has raised over $175 million in funding from investors and is headquartered in Cambridge, UK, and San Francisco, with offices around the world.

Note that Darktrace does not consider itself an IPS or IDPS solution, and Gartner agrees that the company does not fit that category. However, the analyst firm named it a vendor to watch for this area of the market.

Product Description

The Darktrace Enterprise Immune System is machine learning technology for cyber defense. Inspired by the self-learning intelligence of the human immune system, this new class of technology is said to enable a fundamental shift in the way organizations defend themselves, amid a new era of sophisticated and pervasive cyber-threats. Powered by machine learning and AI algorithms, it iteratively learns a unique “pattern of life” (“self”) for every device and user on a network, and correlates these insights in order to spot emerging threats that would otherwise go unnoticed.

Like the human immune system, the Enterprise Immune System does not require previous experience of a threat or pattern of activity in order to understand that it is potentially threatening. It works automatically, without prior knowledge or signatures, detecting and fighting back against subtle, stealthy attacks inside the network in real time.

In its IDPS Magic Quadrant, Gartner said Darktrace deploys like existing IDS technology, “but then uses a number of existing and its own custom-developed algorithms and analytics to build a mathematical model of users and entities on a network, looking for outliers that are turned into alerts for analysts to then investigate. … This approach is innovative because it helps deal with a number of pressing issues in the network security market as the technology addresses alert fatigue by generating significantly less alerts for analysts to triage.”

The technology can also detect active threats on the inside of a network, but, because there is no “known threat” capability, it does not rapidly detect existing known threats, Gartner added.

Markets and Use Cases

Large enterprise sites across all verticals.


The Darktrace vSensor extracts only the relevant metadata using the Darkflow system, sending 1% of the original raw network traffic ingested onto the master appliance wherever it is located on the physical network.


Darktrace is powered by unsupervised machine learning, which is capable of learning what is normal and what is abnormal inside a network on an evolving basis, without using training data or customized models. This allows it to detect cyber-attacks that may not have been observed before, the “unknown unknowns.”


Hardware appliance and software




Not disclosed

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles