Darktrace Endpoint

Darktrace Endpoint is an endpoint security solution that uses Self-Learning AI to detect and respond to threats on endpoints. The product learns normal behavior patterns for individual endpoints and organizations to identify anomalous activity without relying on signatures, rules, or threat intelligence feeds. The solution provides visibility into both network packet data and endpoint process telemetry through a feature called Network Endpoint eXtended Telemetry (NEXT), which combines these data sources in a single agent. This approach bridges the gap between Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) capabilities. Darktrace Endpoint includes Cyber AI Analyst, an agentic AI system that automates security investigation and triage across multiple security domains. The AI Analyst performs cross-domain investigations by analyzing endpoint process data alongside network, cloud, SaaS, identity, and email data. The product offers autonomous response capabilities that take targeted actions to contain threats based on behavioral understanding, rather than immediately isolating endpoints. Response actions can be customized based on device types, IP ranges, and working hours. The solution provides visibility for remote worker endpoints and devices operating off-VPN. Darktrace Endpoint is designed to work alongside existing EDR solutions, complementing tools like Microsoft Defender for Endpoint by adding behavioral analysis capabilities.