Security teams don’t lose time because they lack data - they lose it because their data lives in silos. Network tools track traffic patterns. Endpoint tools log process behavior. Identity systems monitor who’s behind it all. But none of these systems connect fast enough when something starts to go wrong.
Darktrace’s latest expansion of its ActiveAI Security Platform addresses that, bringing together network, endpoint, and process telemetry into a single, adaptive view of how attacks unfold in real time.
Closing the Gaps Between Network and Endpoint
At the center of the update is Network Endpoint eXtended Telemetry (NEXT), a new mixed network and endpoint telemetry agent that pairs full network packet data with detailed process-level visibility. Powered by Darktrace’s Self-Learning AI, it bridges the long-standing divide between NDR and EDR. Analysts no longer have to pivot between dashboards to trace an event back to its source. Instead, they can see, in one view, which process on which device triggered a suspicious connection, and what that means for the rest of the environment.
That connection brings context. It helps uncover subtle threats that usually slip through traditional detection tools: legitimate applications being misused, fileless attacks, or “living off the land” techniques that blend into normal operations. Investigations that once took hours can now be completed in seconds, freeing analysts to focus on the parts of an incident that actually demand human judgment.
This unified visibility powers Cyber AI Analyst, Darktrace’s agentic AI system, which now operates natively across endpoint, network, cloud, SaaS, identity, and email. By correlating data across these domains, it can recognize attack patterns as they move through them, connecting seemingly unrelated events into one cohesive story. Rather than flooding teams with alerts, it filters noise, prioritizes meaningful incidents, and delivers clear summaries that reveal how and why a threat is unfolding.
Extending Visibility from IT to OT and Beyond
Darktrace is also expanding its footprint in operational technology environments, where visibility gaps can be even more dangerous. As OT and IT systems converge, attackers are exploiting weak segmentation and blind spots. The latest updates to Darktrace / OT introduce expanded protocol support for GE-SRTP and MELSOFT, firewall rule analysis for Fortinet FortiGate, and dashboards designed specifically for OT engineers. These updates help operations teams identify anomalies without wrestling with IT-centric interfaces, while giving security teams the context they need to defend interconnected systems.
The company is also deepening its exposure management capabilities. The new enhancements tie together internal vulnerabilities and external attack surface data to show which risks actually matter. Continuous penetration testing for common CVEs and monitoring of leaked credentials across the deep and dark web provide a live picture of exposure. Combined with built-in cost-benefit analysis, this lets security teams prioritize fixes that deliver the most impact, rather than chasing long lists of theoretical vulnerabilities.
To manage everything at scale, the new ActiveAI Security Portal consolidates control across all deployments, from cloud to endpoint to OT. With unified permissions, API access, and centralized oversight, enterprises and MSSPs can simplify management without sacrificing granularity.