Cyber Defense (Intrusion Detection and Prevention)

Our range of tools assist you with monitoring your networks and systems for suspicious and malicious activities, as well as policy violations.

We also promote and support tools for continuous vulnerability monitoring. Continuous monitoring overlaps with your other security tools and provides insights across your operational security controls. It also improves threat awareness, and provides the foundation to correlate controls in a way that moves beyond defense of a single system.

The practice of continuous monitoring involves:

  • Identifying your infrastructure,
  • Keeping watch over it and the sensitive data it holds,
  • Knowing its vulnerabilities, and
  • Understanding the causal relationships between events and activities as they happen.

Solutions + Partners

  • Darktrace Self-Learning Cyber Defense

    Darktrace deals with breach identification, breach remediation and insider threats by automatically alerting you to anomalies within your environment and allowing you to play events back through a threat visualiser.

    Identifying a breach can take a very long time - one study measured this as an average of 146 days! Once a breach is identified, you then need additional time to discover what the attacker/insider has compromised and what damage has been done. Attackers will often move through an environment to give themselves multiple points of re-entry in case they are detected, and to gain access to more data/accounts.

    It’s often very difficult to cut through the noise that event management and SIEM technologies create to get the information you need.

    Darktrace automates breach identification and remediation through network analysis and machine learning. The tool learns what normal user and machine behaviour looks like and then alerts your team (or the SSS team) to any anomalies within your environment. In addition, it allows your team (or ours) to play the event back through a visualiser that shows the threat in a 3D interface of your network topology.


    Below is a summary of the six core elements of the Darktrace solution set:


    1. Darktrace Core:

    A physical appliance similar to a SIEM or TRIM solution, but one that cuts down much of the ‘noise’ that customers have to pay attention to.

    Darktrace (Core) is the Enterprise Immune System’s flagship threat detection and defense capability, based on unsupervised machine learning and probabilistic mathematics.

    Powered by advanced machine learning, together with a new branch of Bayesian probability theory, developed by mathematicians from the University of Cambridge, Darktrace is the only genuinely self-learning cyber defense technology proved to work at scale. It is capable of detecting cyber-threats and anomalous behaviors that bypass traditional security tools, without prior knowledge of specific threats, or using rules or signatures.

    Darktrace works by analyzing raw network data, creating unique behavioral models for every user and device, and for the relationships between them.

    • Adaptive – evolves with your organization
    • Self-learning – constantly refines its understanding of normal
    • Probabilistic – works out likelihood of serious threat
    • Real-time – spots threats as they emerge
    • Works from day one – delivers instant value
    • Low false positives – correlation of weak indicators
    • Data agnostic – ingests all data sources
    • Highly accurate – models human, device and enterprise behaviour
    • Installs in 1 hour – no configuration


    2. Darktrace Threat Visualizer

    The Threat Visualizer is Darktrace’s real-time, 3D threat notification interface. As well as displaying threat alerts, the Threat Visualizer provides a graphical overview of the day-to-day activity of your network(s), which is easy to use, and accessible for both security specialists and business executives.

    Using cutting-edge visualisation techniques, the Threat Visualizer user interface automatically alerts analysts to significant incidents and threats within their environments, enabling analysts to proactively investigate specific areas of the infrastructure.

    • 3D visualisation of entire network topology
    • Real-time global overview of enterprise threat level
    • Intelligently clusters anomalies
    • Pan-spectrum viewing – higher-order network topology; specific clusters, subnets, and host events
    • Searchable logs and events
    • Replay of historical data
    • Concise summary of overall behaviour for device and external IPs
    • Designed for business executives and security analysts


    3. Darktrace ICS

    Industrial Control Systems & SCADA

    Darktrace ICS, also known as the Industrial Immune System, is a fundamental innovation that implements a real-time ‘immune system’ for operational technologies, such as SCADA, and enables a fundamental shift in the approach to cyber defense.

    Darktrace ICS retains all of the capabilities of Darktrace in the corporate environment, creating unique, behavioural understanding of the ‘self’ for each user and device within the network, and detecting threats that cannot be defined in advance by identifying even subtle shifts in expected behaviour. 

    • Unprecedented visibility into ICS activity
    • Protects against insider threat, including operators and privileged users
    • Detects threats in real time
    • Coverage of both IT and OT environments
    • Correlates actions over time, for refined understanding of ‘normal’


    4. Darktrace Antigena - This is their remediation and protection module.

    The machine fights back

    When the human immune system is faced with a new threat, not only can it detect it, but it produces antibodies that bind to it, and ultimately neutralise it. Darktrace Antigena replicates this function of the human immune system, by creating ‘digital antibodies’ in response to in-progress threats.

    Antigena acts automatically to restrain or contain threats quickly enough to allow humans to catch up. It can take as little as 20 minutes for a major threat, such as a ransomware attack, to evolve into a crisis – Antigena’s automated action slows or stops threats in a targeted fashion, providing security teams with a vital time window in which to take mitigating action.

    Antigena’s response capability allows organisations to directly fight back, and networks to self-defend against specific threats, without disrupting your organisation.

    Darktrace Antigena modules are deployed as physical appliances, complementing the core Darktrace appliance. They can also interface with Software Defined Networks (SDNs) and Active Directory, and are fully configurable.
    • Antigena Internet – Regulates user and machine access to the internet and beyond
    • Antigena Network – Regulates machine and network connectivity and user access permissions
    • Antigena Email – Regulates email, chat and other messaging protocols

    • Directly inoculates against a full range of threats
    • Prevents, slows, or disrupts activity in real time
    • Self-defends and self-improves
    • Stops threats before they spread


    5. Darktrace Virtualization (vSensor & OS-Sensor)

    Darktrace vSensors 

    Darktrace vSensors are lightweight software components that extend Darktrace’s visibility into virtualized environments. They provide the Enterprise Immune System with comprehensive visibility of today’s distributed infrastructures.

    vSensor software is installed as a ‘virtual appliance’ configured to receive a SPAN from the virtual network switch. This allows it to capture all inter-VM traffic, without a single packet being lost or dropped by the system. It stores the packet captures on a rolling basis, optimising the disk space and I/O performance and ensuring that there is minimal impact on the performance of the server. Only one vSensor needs to be installed on each hardware server, allowing for scalability.


    Darktrace OS-Sensors

    Darktrace OS-Sensors are lightweight, host-based server agents that extend Darktrace’s visibility into third-party cloud environments, including Amazon AWS, Rackspace, and Microsoft Azure.

    OS-Sensors intelligently extract single copies of network traffic for analysis by the master Darktrace appliance. They are easily installed onto virtual machines in the cloud and are capable of dynamically configuring themselves to avoid data duplication and streamline bandwidth use. Working in conjunction with vSensors, they aggregate data and feed it back to the master appliance via a secure connection.

    • Ingests virtual traffic from a limited set of IPs
    • Sends data efficiently and securely to the Darktrace master appliance
    • Sends approximately 1% of the original raw network data ingested to the master appliance
    • Works with third-party clouds


    6. Darktrace SaaS Connectors

    Extending self-learning detection to rich user data in SaaS platforms

    As organisations embrace cloud applications, significant blind spots have developed beyond the traditional enterprise network. Valuable enterprise data and rich user interactions within SaaS applications contain critical security insights, but are not always accessible to IT security teams.

    Darktrace SaaS Connectors provide coverage of these rich datasets, extending the power of Enterprise Immune System technology into previously-unseen areas of your infrastructure, including:
    • User logins
    • Data transfers
    • Download data
    • Software updates

    • Complete visibility of user interactions within SaaS applications
    • Easy install — less than an hour
    • Early-stage threat detection

  • AlienVault

    AlienVault® Unified Security Management® (USM) delivers built-in intrusion detection systems as part of an all-in-one unified security management console. It includes built-in host intrusion detection (HIDS), network intrusion detection (NIDS), as well as cloud intrusion detection for public cloud environments including AWS and Microsoft Azure, enabling you to detect threats as they emerge in your critical cloud and on-premises infrastructure.

    To ensure that you are always equipped to detect the latest emerging threats, AlienVault Labs Security Research Team delivers continuous threat intelligence updates directly to the USM platform. This threat data is backed by the AlienVault Open Threat Exchange® (OTX™)—the world’s first open threat intelligence community.

    • Leverage intrusion detection for any environment with built-in cloud IDS, network IDS, and host-based IDS (including File Integrity Monitoring (FIM))
    • Use the Kill Chain Taxonomy to quickly assess threat intent and strategy
    • Make informed decisions with contextual data about attacks, including a description of the threat, its method and strategy, and recommendations on response
    • Use automatic notifications so you can be informed of key threats as they happen
    • Work more efficiently with powerful analytics that uncover threat and vulnerability details - all in one console
  • Tripwire

    Breaches, exploits and cyber-attacks that prey on ambiguity, gaps and oversights put your sensitive data at risk. To protect it, you need control over security configurations and changes, and visibility into events of interest across physical, virtual and cloud-based IT infrastructures. Tripwire VIA gives you control of your IT infrastructures to protect your organization's critical data.

    Tripwire provides: