Do we use Threat Intel or Dark Web monitoring?

What is Currently, no. 

A close eye is being kept on feature requests to decide what should be on the roadmap for PREVENT next.

The reason for that is the following: Dark web monitoring tells you if somebody dumped something that looks like it belongs to you on ... the Dark Web (one of many, many places that cyber crime collaboration happens). It is very hard to operationalise this type of historic threat intelligence and can even be misleading (‘nothing found on the Dark Web? That means my data hasn’t been dumped, right?’ - wrong 🙁 ). ASM looks at your specific infrastructure that is internet facing, tells you about it continuously and tells you if there are tech problem - and feeds back to DETECT & RESPOND. 


What is the best way to show case Darktrace value when dealing with competition? 

What is "POV"


How is PREVENT/ASM deployed?

What is "Cloud delivered". 

Super easy and fast as it is Cloud delivered. All we need is the brand name which is used as input and the AI takes the attackers’ perspective to seek out the brand online (this is Zero-scope).


What does "NDR" stand for?

What is "Network Detection and Response" 


What company invented deep dish Pizza?

what is "Uno" 



What is the objective of a penetration test?

What is "to test is to check that security controls are in place and work as expected"

But human teams (particularly if external) may not always find the best attack paths to test during a brief, point-in-time, pentest. This does not reflect attacker reality, which is to lie in wait until a strong attack path reveals itself. E2E can identify high-impact targets and pathways so that red teams can exploit/test them. This supplies the pen testers and red teams with a focus, ultimately getting you the most out of your pen testing security measures.


What does a SIEM do? 

What is "log correlation" 


Security Information and Event Management (SIEM) products aggregate data for various uses in IT operations. A primary capability of SIEMs is log correlation, which allows the tool to pull together log information from a variety of sources, including security tools, network devices, servers, and applications. In this way, SIEMs can consolidate the many logs generated from a specific event into a single security incident and unify monitoring. The patchwork approach SIEMs offer to centralizing log data and security alerts is starkly different from the Darktrace Cyber AI Platform’s advanced threat detection, automatic incident investigation, and Autonomous Response capabilities.




If a Customer already has Darktrace and all of the correct requirements to deploy, what do we have to do to deploy E2E? 

What is "switch E2E module to "on" in your deployment".

This is ery simple! We don’t need to ship any hardware all we need to do is switch on our E2E module within the existing deployment as we are just leveraging the data that is already being collected.


According to IBM, the global average cost of a data breach is how much? 

What is 3.9 Million


How many "real"  teeth did have in his mouth when he was sworn in as president in 1789?

What is "1"


Does PREVENT/ASM have false positives?

What is "No"

. Every asset discovered is there for a reason and technical proof is delivered on why it was added.


What is a tool like Crowdstrike designed to protect?

What is laptops and PC's

Endpoint solutions are designed to protect laptops and PCs from cyber-attacks. The more advanced endpoint vendors sometimes get described as ‘next-gen anti-virus’, but they’re really just advanced protective skin. These solutions are as complementary to Darktrace as traditional AV. Overall, they are deployed as lightweight agents on every corporate laptop and PC.


What does a customer NEED TO HAVE to deploy E2E? 

What is "M365 and Detect/Network" 

- Customer uses M365 (formerly O365) as email provider

- Customer uses DETECT/Network


What is "Net Flow"

What is "a protocol used to collect metadata on IP traffic flows traversing a network device"

NetFlow is a protocol used to collect metadata on IP traffic flows traversing a network device.

Developed by Cisco Systems, NetFlow is used to record metadata about IP traffic flows traversing a network device such as a router, switch, or host.


What food item was used an an eraser before rubber erasers were invented? 

What is "a rolled up piece of white bread"


Is Newsroom part of the ASM offering? How is it priced?

What is "Newsroom comes as a default feature of Darktrace PREVENT/ASM. It is not an addon and will not be priced separately."


Where does a clients data go that uses Extra Hop?

What is the Cloud. this is a secruity risk

What AI does PREVENT/ASM use?

What is "natural language processing and image classification algorithms"

Darktrace PREVENT/Attack Surface Management uses AI to determine a Brand’s DNA: what uniquely distinguishes a brand-owned assets from everything else on the internet. It processes features such as logos that can be found on a webpage or domain names to predict and identify brand-related assets. 

When it comes to AI, Darktrace PREVENT/ASM relies most heavily on natural language processing and image classification algorithms. These methods are used to tackle the most ambiguous and error-prone assets encountered.


How is Darktrace/Cloud deployed?

What is "a combination of our lightweight sensors and native mirroring options (only available in AWS (VPC Mirrorring) and GCP (Packet mirroring)) to gain access to the traffic and enable visibility of these cloud environments.


There's only one Blockbuster still operating in the U.S.- where is it?

What is "Bend, Oregon"


What are the "Nice to haves", but not necessarily required for a customer to be able to activate E2E?

What is "Customer uses Darktrace/Email

Customer uses Microsoft Defender, Crowdstrike, Sentinel One or Darktrace/Endpoint"


What are the differences between Darktrace and Vectra?

What is "supervised machine learning (rules), dumbed down UI, no Response capability".

Supervised machine learning, looking for ‘known’ threat types trained in a lab(send data to cloud) Dumbed-down UI – no play-back, no visualization (‘Just another dashboard’)  Pure detection play, no Antigena - referred to by Gartner as ‘detection-centric’


What does Darktrace Newsroom Report on?

What is "new critical vulnerabilities within the attack surface of an organization"

Newsroom provides information on new critical vulnerabilities within the attack surface of an organization. These vulnerabilities are defined as

Critical severity (CVSS score of at least 8.8)

Exploitable from the outside/allows for remote code execution

Very high probability of exploit (available PoC)


What is Shadow IT?

What is"the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization"

It can encompass cloud services, software, and hardware.

The main area of concern today is the rapid adoption of cloud-based services. The growth of shadow IT has accelerated with the consumerization of information technology. Users have become comfortable downloading and using apps and services from the cloud to assist them in their work. 


What is a group of pugs called? 

what is a "grumble" 

Click to zoom