Overview

Self-learning AI "Darktrace" for ransomware countermeasures. TDC Soft (TDC SOC) supports its operation.

Working on the premise of unknown threats and internal compromise, the self-learning AI detects signs on the network that are "out of the ordinary". Catching the preliminary stages of a ransomware attack, from intrusion through lateral movement to encryption, reduces the risk of the damage escalating.
TDC Soft serves as the single point of contact from implementation through operation, with the TDC SOC providing monitoring, analysis, and a primary-response function.

Are you worried about this?

  • There are too many alerts to pick out the really dangerous ones.
  • I have EDR and a FW in place, but I'm still concerned about suspicious internal behavior.
  • I feel we are not detecting unknown malware or abuse of legitimate accounts.
  • Even when something is detected, the initial response may be delayed and the damage may spread.
  • The SOC and information systems teams carry a high operational load and are nearing their limits.

Product Overview

Darktrace is an enterprise security product that continuously learns the "behavior" of communication and usage within an organization and detects signs of anomalies.
It does not rely solely on known attack patterns (signatures); instead it uses the "normalcy" unique to each environment as the yardstick for detecting unusual behavior. This contributes to early detection of first-seen attacks and of signs of internal compromise.

The number of attacks from ransomware is increasing every year

[Chart: comparison of monthly ransomware attack counts, 2022 vs. 2023]

With cyber-attacks on major companies in 2025 also making headlines, security measures are an urgent need for all companies, large and small.

Darktrace Features

Feature 1: Signature-independent detection of anomaly signs

It provides a starting point for detection even for attacks that match no known pattern, such as unknown malware or abuse of legitimate accounts.
By contrasting normal and abnormal behavior, signs of abnormality are made visible, so that it is clear what should be investigated.

Feature 2: Organizing and prioritizing information directly related to decisions

Rather than simply increasing the volume of alerts, it organizes and presents the information needed to understand the situation and make a decision.
This lets you focus on "the events that really need to be addressed now," reducing both the risk of oversight and the operational burden.

Feature 3: Integrated response that goes beyond detection to "blocking"

The system does not stop at detecting anomalies; it can also take actions such as blocking unauthorized communications and suspicious behavior.
Automating and speeding up the initial response prevents damage from spreading and improves the effectiveness of incident response.

Feature 4: Complementary detection and protection by leveraging existing countermeasures

Rather than replacing perimeter defenses, EDR, logging infrastructure, and so on, it complements their monitoring, detection, and blocking while leveraging those existing countermeasures.
It prevents detection gaps while raising the level of protection across the whole operation.

How Darktrace works

Fully automated information collection, analysis, and reporting after detection

  1. Integrates the speed and scalability of AI with accurate, flexible human expertise
  2. 100% automatic and continuous investigation and analysis of all threats
  3. Automatically prioritizes only the most relevant incidents
  4. Automatic report generation so that security teams can respond to attacks immediately
  5. 92% reduction in the time required to analyze detected threats compared to previous models

Darktrace's self-learning AI engine approach to detecting unknown malware

Conventional tools could detect known attacks and their derivatives but could not detect unknown malware. Darktrace, by contrast, uses its AI engine to judge whether behavior is normal, so even unknown malware can be detected as an anomaly.

Darktrace in action: an example

A file download from a destination or port that the terminal had never connected to before was judged to be suspicious behavior, and Darktrace's AI blocked the file acquisition.
Four seconds after detection, communication from the terminal was cut off and the incident was prevented.
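To make the "never connected to before" logic concrete, here is an added illustration (not Darktrace's code; its model is proprietary and not reproduced) that learns a per-host baseline of destination/port pairs from a constructed connection log and then grades new events. It goes slightly beyond the page's single case by distinguishing a new port on a known destination from a wholly new destination, and by treating a host with no baseline as "learning" rather than blocking it.

```python
from collections import defaultdict

# Constructed sample connection records: (source_host, dest_ip, dest_port, protocol).
# Made-up values for illustration only, not real telemetry.
BASELINE_LOG = [
    ("ws-017", "10.0.0.5", 445, "smb"),
    ("ws-017", "203.0.113.10", 443, "https"),
    ("ws-017", "203.0.113.10", 443, "https"),
    ("ws-017", "10.0.0.9", 53, "dns"),
    ("srv-db1", "10.0.0.5", 445, "smb"),
    ("srv-db1", "10.0.0.9", 53, "dns"),
]


def learn_baseline(records):
    """Learn, per source host, the set of (dest_ip, dest_port) pairs seen
    during the learning window. This is a stand-in for the 'normalcy'
    model the page describes."""
    baseline = defaultdict(set)
    for host, dest_ip, port, _proto in records:
        baseline[host].add((dest_ip, port))
    return baseline


def evaluate(baseline, host, dest_ip, port, is_file_download):
    """Return (verdict, reason) for one observed connection.

    'block' is only issued when a file is pulled from a destination/port
    this host has never used; a host with no baseline yet is reported as
    'learning' so brand-new assets are not blocked on their first day."""
    if host not in baseline:
        return ("learning", "no baseline for host yet")
    known = baseline[host]
    if (dest_ip, port) in known:
        return ("allow", "destination and port previously seen")
    known_ips = {ip for ip, _ in known}
    if dest_ip in known_ips:
        novelty = "new port on a known destination"
    else:
        novelty = "never-seen destination"
    if is_file_download:
        return ("block", f"file download from {novelty}")
    return ("alert", novelty)


if __name__ == "__main__":
    model = learn_baseline(BASELINE_LOG)
    print(evaluate(model, "ws-017", "198.51.100.77", 8080, True))
```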

Conventional security tools require the following; Darktrace removes the need for them and reduces costs.

  1. 24/365 response to cyber-attacks
  2. Advanced secondary-investigation skills
  3. Deciding how to handle endpoints that have no agent installed

Darktrace × TDC SOC

Early detection by self-learning AI and SOC operation are provided as a set. TDC SOC handles everything from operational design to monitoring, analysis, and primary response, and incorporates them into a form that can be implemented onsite.

Common operational issues

The monitoring, analysis, and response issues below are commonly seen in information-systems and security departments in the financial and manufacturing industries.

  1. Difficulty in prioritizing because of the growing number of alerts
  2. No starting point for detecting unknown methods or abuse of legitimate accounts
  3. Operational burden and staffing pressure caused by fragmentation of monitoring, analysis, and response

What Darktrace x TDC SOC can solve

  • Early identification of suspicious signs leading to ransomware intrusion, lateral movement, and data exfiltration
  • A signature-independent starting point for detecting unknown threats and signs of legitimate-account abuse
  • A lighter alert-response and staffing burden, based on primary analysis and prioritization by the TDC SOC
  • Structured ongoing operations, including monitoring, decision-making, and escalation design

Operational support by TDC SOC

Darktrace is not only about implementation, but also about "operation and results." With the TDC SOC at its core, TDC Soft provides comprehensive support from operational design through monitoring and primary response.

  • Operational design: organize monitoring targets, systems, and coordination rules (who watches what, and how it is judged)
  • Monitoring and primary response: monitoring by the TDC SOC, primary analysis, prioritization, and escalation when necessary
  • Operational improvement: suppression of false positives and over-detection, tuning of judgment criteria, and shaping of sustained operations

Inquiries about Darktrace

We can consult with you on the scope of Darktrace and how to proceed based on your current operational structure. Please contact us using the form below.
