MDR on Darktrace ActiveAI: Self-Learning AI governed by senior analysts.
The Fortgale European SOC 24·7·365 governing the Darktrace AI. Antigena autonomous response validated by L2/L3 analysts to avoid false positives, <30 min median containment on incident escalation.
European SOC 24·7·365L2/L3 analysts · direct interaction
Fortgale
◇
Multi-domain AI tier-zeroNoise reduced >90% by day 30
Fortgale
⚡
Native Darktrace responseHost isolation in seconds
Live
◈
Proprietary intelligence34,000+ IoCs per week · European actors
Fortgale
MDR live, Darktrace + Fortgale SOC active
Compliance
ISO/IEC 27001
NIS2 ready
DORA aligned
GDPR · ENISA
Technology partnership
Darktrace ActiveAI
MITRE ATT&CK aligned
OpenCTI
Why Fortgale + Darktrace
Self-Learning AI, governed by people who know European context.
Darktrace ActiveAI builds a 'pattern of life' for every device. Powerful for unknown threats but prone to false positives on heterogeneous environments. Fortgale governs the Antigena AI with European analysts who know the operational context of European enterprises.
01 ·
Darktrace ActiveAI · Self-Learning
Pattern of life per device, network, user. Native NDR + email (Antigena Email) + cloud + endpoint. Detection of unknown unknowns via behavioural anomalies, no signatures. Fortgale delivers detection and response on the platform modules Darktrace / NETWORK · / EMAIL · / CLOUD · / IDENTITY · / ENDPOINT · / OT.
02 ·
European SOC 24·7·365
L2/L3 analysts specialised on Darktrace. Antigena tuning, false positive reduction, contextualisation on European environments. Triage <15 min on Darktrace AI alerts.
03 ·
Antigena governance + IR
Validation of autonomous response: which traffic to block, which to slow. Custom rules for business-critical processes. Direct escalation to Fortgale IR. Full NIS2 national CSIRT notification support.
How it works · architecture
Four blocks, one MDR cycle on Darktrace.
From self-learning baseline to validated Antigena response, all governed by Fortgale with European analysts who know operational context.
01 ·
01 · Learning
Pattern of life baseline
7-14 days of learning to build the per-device pattern of life. Sensors on network (NDR), email (Antigena Email), cloud, endpoint. Continuous baseline updates.
02 ·
02 · Tier-zero
Darktrace AI + custom tuning
Detection of behavioural anomalies via Self-Learning AI. Fortgale tunes thresholds and exclusions on European context, reducing false positives by 60-80%.
03 ·
03 · Analysts
Our L2/L3 govern AI
European SOC validates every Darktrace AI decision before Antigena fires. Critical decisions never fully autonomous on production assets. Direct interaction in your business language.
04 ·
04 · Response
Antigena + IR escalation
Antigena governed: autonomous traffic block, anomalous device isolation, email quarantine. Direct escalation to Fortgale IR for critical incidents requiring forensic and recovery support.
Proof · service metrics
Four numbers that hold MDR on Darktrace up.
Metrics measured on real customer telemetry, Q1 2026, updated quarterly.
<30 min
Median containment from confirmed Darktrace alert
60-80 %
False positives reduced by Fortgale tuning
Pattern
Per-device of Life Self-Learning AI
21 days
Full onboarding Darktrace + Antigena
The problems MDR must solve
Five reasons Darktrace alone is not enough.
The platform produces telemetry. What is missing is the people who read it around the clock, prioritise it and turn it into decisions.
01 ·
Alert fatigue
Tier-zero AI filters, analysts decide: noise reduced >90% by day 30. Every alert that reaches you is already a qualified case.
02 ·
Darktrace expertise
L2/L3 analysts who operate the Darktrace console every day: detection tuning, MITRE-mapped runbooks, native response on your platform.
03 ·
Operational experience
European SOC, headquartered in Milan since 2017, 24·7·365: median TTD <15 minutes, median TTC <30 minutes.
Proprietary CTI on 287 tracked adversary groups and attack tools: advisories, IOCs and actor profiles feed directly into detection on your platform.
Threat intelligence · attacks detected on Darktrace
Behavioural anomalies and RATs contained on Darktrace by the European SOC.
Selection of low-volume / high-impact threats detected by Darktrace Self-Learning AI on Fortgale customers. The anomaly-based approach catches TTPs that signature-based EDRs miss.
RAT · Remote Access Trojan
Remcos
Vector Phishing email with Office macros or ISO attachment · persistent backdoor · keylogger + screen capture · C2 to DDNS domains
Detection · Darktrace Darktrace AI Analyst on <em>beaconing patterns</em> to rare domains + endpoint anomaly correlation via Antigena Network.
C2 · Lateral Movement
Cobalt Strike
Vector Post-exploit beacon · anti-EDR sleep mask · process hollowing · lateral movement via PsExec / WMI / SMB
Detection · Darktrace Darktrace anomalous network flow detection + RESPOND/Antigena auto-containment for network containment without human-in-the-loop.
Threat Actor
Storming Tide
Vector AiTM phishing + Initial Access · pivot via OAuth token · lateral on European manufacturing customers · data exfiltration via Mega.nz / Telegram
Detection · Darktrace Darktrace Email correlation with Network anomaly + Antigena Email for automatic quarantine · nominative Fortgale runbook.
What the service includes
MDR on Darktrace, in detail.
Every component designed to leverage Darktrace AI with European SOC governance, avoiding false positives on production environments.
Validation of autonomous response: rules for business-critical processes, exclusions, response thresholds. Avoids unwanted blocks on legitimate workloads.
03
Proprietary CTI integration
34,000+ IoCs per week from Fortgale OpenCTI integrated as Darktrace Custom Watchlists. Behavioural detection enriched with proprietary intelligence.
04
Cross-domain hunting
Monthly hunting via Darktrace Investigate using pattern of life + proprietary CTI. Focus on lateral movement, data staging, persistence not covered by automatic detections.
Darktrace PREVENT + DETECT + RESPOND + HEAL integration. Attack Path Modelling for proactive risk assessment. Fortgale orchestrates the entire AI Loop.
For whom · two angles
Same MDR on Darktrace, two angles.
The CISO decides on risk. The IT lead decides on the runbook. Fortgale MDR produces evidence for both.
For the CISO
A named runbook per actor, on the Darktrace stack.
Each month the CISO receives the profile of the 3 most likely actors against their sector, with the Fortgale MDR runbook already mapped to the Darktrace ActiveAI telemetry.
Monthly threat briefingActors, observed TTPs, campaigns in progress on your sector.
Darktrace runbookLive MITRE-mapped playbooks, executable on the Darktrace ActiveAI console.
Board-ready reportingRisk · impact · decision. No slideware technology.
Zero translator handover. European analysts on your Darktrace console.
When the Darktrace alert is real, decision time is containment time. Our L2/L3 analysts know the Darktrace ActiveAI console and have a mandate to decide.
Median containment ~11 minFrom confirmed alert to remediation in production.
Everything to know before talking to our analysts.
What is the Fortgale MDR service on Darktrace?
Combines Darktrace ActiveAI (Self-Learning AI for network, email, cloud, endpoint) with the Fortgale European SOC 24·7·365. L2/L3 analysts govern Antigena AI, validate autonomous decisions and apply MITRE-mapped runbooks to avoid false positives on sensitive workloads.
What is Darktrace Antigena?
Antigena is the Darktrace autonomous response: it blocks or slows anomalous traffic based on learned behaviour (Self-Learning AI). The Fortgale SOC governs Antigena to avoid unwanted blocks on business-critical processes and to orchestrate cross-domain response.
Do I need to already have Darktrace?
No. Fortgale handles the full cycle: licensing, sensor deployment (network, email, cloud, endpoint), self-learning model tuning, Antigena configuration. Available both on existing instance or as part of the service.
Is the service NIS2-compliant?
Yes. We support NIS2 transposition requirements: continuous monitoring, IoC collection for national CSIRT notification within 24 hours, technical documentation for 72-hour notifications.
How long does Darktrace activation take?
Darktrace sensor deployment is fast (1-2 days), but the Self-Learning AI model requires 7-14 days to build the 'pattern of life' behavioural baseline. Full MDR service onboarding: 14-21 business days.
Talk to the outpost
One meeting. One NDA. One real runbook on Darktrace.
We bring you the Report on your sector with the most likely actors and a concrete MDR runbook on your Darktrace ActiveAI console.
Outlook Bookings · Fortgale
Book a meeting
Loading calendar…
Response · 1 business day
Speak with our analysts.
No nurturing sequences, no auto-replies. One of our analysts calls you back within one business day.
Document · Fortgale
PDF preview
Loading PDF…
Request · Fortgale Threat Intelligence Report
Request the Report
The full Report (executive summary · operational IoCs · technical runbook) is restricted. Share two details and one of our analysts contacts you with access and a short technical briefing.
See a real attack
IR · 24·7·365
Are you under attack?
Response in 30 minutes, containment in 1–4 hours. Even if you are not a Fortgale customer.
We use essential cookies required for site functionality and, with your consent, analytics and marketing cookies to measure traffic and personalise content. You can accept all cookies, reject them, or customise your preferences. For more details see the Cookie Policy and Privacy Policy.
Cookie preferences · Fortgale
Manage your preferences
Choose which cookies to allow. Essential cookies are required for the site to work and cannot be disabled. For the others, consent is always free, specific and revocable at any time.
EssentialAlways on
Required for the site to function (session, security, cookie preferences). The legal basis is the controller's legitimate interest (Art. 6(1)(f) GDPR). Without these cookies the site does not work correctly.
AnalyticsWe measure what works
Aggregated statistical cookies to understand how users browse the site (page views, session duration, traffic source). EU-friendly or anonymised providers. Legal basis: consent (Art. 6(1)(a) GDPR).
MarketingPersonalisation and remarketing
Third-party cookies (LinkedIn Insight Tag, possible campaign pixels) to measure ad campaign effectiveness and show relevant content. Legal basis: consent (Art. 6(1)(a) GDPR). Disabled by default.
You can change these choices at any time from the Cookie Policy page or by clicking the Cookie preferences link in the footer.