How Does it Work?

Cloud master instances can analyze and ingest the same data as a standard physical appliance. For coverage over remote workers or satellite offices with minimal networking infrastructure, the host-based Darktrace client sensor can transmit and analyze traffic through cloud-based Darktrace infrastructure directly to the cloud master instance.

Organizational network traffic - physical or virtual - can be sent via a Darktrace vSensor in one of two encrypted communication modes. Push Token is particularly recommended as it does not require an inbound firewall exception to the vSensor IP. vSensors can be deployed as a standalone virtual machine, in a traffic-mirroring scenario, or with up to 255 osSensor agents (per vSensor). Darktrace osSensors can be installed on devices running Windows, supported Linux distributions and any Linux environment running the Docker engine.

In addition to processing and transmitting network traffic, vSensors can ingest and forward syslog-format logs to the Darktrace cloud master. VPN and DHCP logs can provide valuable device-tracking enrichment, and custom event types derived from ingested log data can be used to integrate with a number of third-party tools.

Cloud-based deployments also support Darktrace SaaS and Cloud Security Modules which extend Darktrace visibility into third-party services and virtualized environment management activity. After authorization, each module retrieves and analyzes audited event data from the specified service, expanding ‘pattern of life’ detection and anomaly detection outside the network.

Antigena-enabled SaaS modules are also available for Office 365, Zoom and Okta, enabling the extension of autonomous response into business critical third-party platforms. For advanced operators, Antigena SaaS offers the Antigena Lambda toolkit for the creation of versatile, custom actions through AWS Lambda.

Darktrace Antigena Email integrates seamlessly with a virtualized master and can be deployed for Google Workspace (formerly G Suite), Office 365 or Hybrid Exchange environments. When deployed, Antigena Email and the cloud-hosted appliance will share metadata on devices, network and domain rarity and threats detected by either platform to ensure expanded protection across the organization.

Security

Individual, completely separate instances are provisioned for each customer within the desired cloud-provider region. Data ingested from local probes in the network, cloud and virtual environments is encrypted in transit and will not leave the region. In addition, two-factor authentication is enforced on all user accounts.

Darktrace is ISO 27001 certified, ensuring we maintain a high standard of information security. Our risk appetite is low and our multi-layered approach to security includes:

• Least-privilege role-based access control
• Strong modern ciphers across software and infrastructure (TLS 1.2, AES-256-GCM, SSHv2 ChaCha20-Poly1305)
• Regular penetration tests by internal and third-party experts

2. Receive the access and login details from your Darktrace representative (credentials will be sent over separate secure channels) and access the instance for the first time. Two-factor authentication is enabled as standard on virtualized deployments; a QR code will be displayed on first access. Please scan this QR code with your preferred multi-factor authentication app such as Google Authenticator or Duo Security.

3. Retrieve the authentication information and Client Sensor (cSensor) installation files for the relevant operating systems from the Customer Portal or from your Darktrace representative. Three key values are required for installation and are available from the same location as the installer:

• The Fully Qualified Domain Name of your dedicated cSensor cloud infrastructure.
• The unique authentication token.
• The identifier of the unique authentication key.

2. Receive the access and login details from your Darktrace representative (credentials will be sent over separate secure channels) and access the instance for the first time. Two-factor authentication is enabled as standard on virtualized deployments; a QR code will be displayed on first access. Please scan this QR code with your preferred multi-factor authentication app such as Google Authenticator or Duo Security.

3. From the System Config page of the cloud master, locate the “SaaS / Cloud” subsection of the Modules view and proceed through the authorization process for each module.

4. Confirm that the authorization was successful and the modules are able to retrieve data. The System Config page will provide details of module service status.

Your Darktrace representative can assist with troubleshooting, adding additional modules or network traffic probes as desired.

vSensors run a virtual kernel by default which supports only a limited number of hardware drivers. Please see the vSensor FAQ for details about expanding the kernel to support physical traffic.

US: +1 415 229 9100 UK: +44 (0) 1223 394 100 LATAM: +55 11 4949 7696 APAC: +65 6804 5010 info@darktrace.com darktrace.com
LAST UPDATED: AUGUST 4 2021