Darktrace CEO On AI, Channel Push: ‘We’re Ready To Partner’

The AI-powered cybersecurity vendor is moving beyond its initial focus on direct sales and the overseas market by doubling down on working with partners in North America, Darktrace CEO Jill Popelka tells CRN.

AI-powered security trailblazer Darktrace is moving beyond its original focus on direct sales and the overseas market, with major efforts now underway to accelerate growth with partners in North America, Darktrace CEO Jill Popelka told CRN.

The investments in expanding Darktrace’s channel presence come after the company—which is based in Cambridge, U.K., but has numerous offices in the U.S. and Canada—was taken private last fall. The deal saw private equity firm Thoma Bravo acquire Darktrace for $5.3 billion and has enabled the company to move “more boldly,” including in terms of its partnerships, Popelka said.

Ultimately, the message to the channel right now is, “We're ready to be part of this thriving ecosystem and to partner with you,” she said in a recent interview.

Popelka—an SAP veteran who joined Darktrace just over a year ago, initially as COO—was promoted to CEO in September 2024 and said a top focus so far has been on providing more resources to the company’s channel team.

That team is led by Dan Monahan, chief partner and transformation officer at Darktrace, who was formerly vice president of Americas channel sales at Cohesity. Prior to Cohesity, Monahan spent seven years at VMware, finishing his time there as head of national solution providers and distributors.

While Darktrace admittedly may have remained oriented toward direct sales for a “little bit too long,” the company is now firmly committed to a channel-focused approach, Popelka said.

“We're moving away from direct sales into really working through our partners,” she said. “We want to have an incredible partner relationship in every single customer that we work in.”

AI Advantage

A key advantage for partners in working with Darktrace is that the company brings deeper experience in using AI/ML for cybersecurity than competitors, since that has been the company’s biggest differentiator since it was founded in 2013, according to Popelka.

This equates to improved security outcomes for customers by using AI differently than other vendors—not merely to counter known threats but, instead, to recognize unusual activity that can point to a threat whether or not it’s previously known, she said.

In other words, the focus is on “understanding your business—rather than understanding the threats,” Popelka said, something that requires large numbers of analysts to accomplish.

“Here we’re doing it in a really different way, so it’s actually much more efficient. And it catches these new threats,” she said. “Because you’re not oriented on the threat, you’re oriented on the business itself and protecting the business environment itself.”

A recent meeting between Darktrace and more than a dozen of its CISO advisers confirmed that this is the type of approach that’s needed now at a time when threats continue to intensify, according to Popelka.

The group of CISOs, she said, made it clear that “they see us as truly blocking the novel threats—the things that other competitors can’t.”

Darktrace has also expanded beyond its initial focus on network detection and response (NDR) to bring its AI-powered approach to securing email and cloud environments—the latter of which has been bolstered by the company’s acquisition of cloud threat investigation startup Cado Security in January.

What follows is more of CRN’s interview with Popelka.

What are the biggest things you want partners to know about Darktrace, especially since you were taken private last year?

We have really appreciated being part of Thoma Bravo. And it’s an important foundation because that provides us with the ability to be a little bit more creative with how we invest—and think a little bit more boldly with how are we going to continue to improve this product and how do we want to position ourselves in the market? Darktrace has its history in NDR. We are at 20 percent market share and very known for NDR. Two years ago, we launched an email product, and we now have a cloud product as well. We’ve just made an acquisition in that cloud space of Cado Security. So three things—network, email, cloud. Darktrace is based on AI, so we have a multilayered AI approach. We have both artificial intelligence models, machine learning, and we have agentic AI in terms of responding to issues in your network, in your email and in your cloud. This moment in time shows us at incredible growth. And we’re going to continue to invest in our product and continue to invest in ensuring that it’s best in class in delivering for our customers. Last week, I was at our Americas CISO Council. We had 15 or 20 CISOs join us and as I was listening [they essentially said], “Darktrace is the brick wall behind the soccer net of the rest of our cybersecurity landscape.’ They see us as truly blocking the novel threats, the things that other competitors can’t.

We are not yet a brand name that is immediately recognized in the U.S. We are, however, on [the other] side of the Atlantic—in the U.K. and in Europe—everyone seems to know Darktrace. Our brand is very well-known. And so it’s my responsibility to ensure that that becomes the reality in the U.S. as well. So over the next 12 months to two years—it takes some time—I’ll be very focused on ensuring that we grow our U.S. market. In order to do that, it’s extremely critical that we have broad trust across national partners, across regional partners, and that we’re really working closely with partners to ensure they understand our network, email and cloud solutions, and that they understand how we can be positioned against our competitors, and how we serve customers exceptionally well and complement, honestly, some of the other cybersecurity providers.

So as we go into next year, a big focus for me is, first of all, the U.S. market, R&D investment, ensuring that we integrate Cado Security, which is in our cloud product. And then truly investing in partners—investing in how we integrate with them, how we put in not only partner managers, but also solutions engineers and people that can help technically support what our partners are doing. We’ve had a good start in terms of our partner relationships and so I’m excited to build on that.

What would you say are Darktrace's biggest differentiators in AI/ML at this point, given that so many other security vendors are now emphasizing AI?

It is in the details where the differentiation happens. And so everybody’s using the words ‘AI’ and ‘agentic AI’ to describe their platform. We’ve been doing it for 13 years, and it is at the very core of our solution—that AI, machine learning, multilayered [approach]. The thing that’s different about Darktrace from our competitors is that they’re often using large language models or private language models in order to evaluate data and then evaluate threats. We’re actually trying to understand the known environment of the customer. And once we have a deep understanding of how data flows within your network environment, within your cloud, across email—once we know that, we can then better identify what is not normal. And so it’s a totally different approach than a rules- and signature-based model. Because that’s always going to be static and slightly dated, whereas we can actually identify novel threats. Across all three of those major products, we are the best at identifying novel social engineering, novel threats to your network, novel threats to cloud. I think that’s what's different about us—we’re looking at your business as the center. And when we understand what’s known and what’s normal for your business, it helps us truly identify more easily what’s not normal? And is that a threat? We tune the system to understand exactly what they want to see, and then they can see either more of those model alerts, or they can see slightly less. Often they’ll want to start the journey with us responding to those threats automatically in human confirmation mode so that they can kind of check that the AI is doing what they want, make sure they tune it appropriately, and then turn it more fully into autonomous response mode, so that we’re actually responding to those most critical threats as quickly as possible.

How does your investment over 13 years into AI make a difference in terms of what you’re able to do with it for security?

We have some of the smartest people out in Cambridge—from data scientists to linguistics specialists. And what they're really doing is, they're helping refine the models. And so while we have this AI that is trained to learn a certain business and learn what’s normal in a business, then we have to have models to apply to that, to understand, what is a threat? What is normal versus what’s not normal? And how do we get really into the details of what identifies normal and not normal in a network environment, in an email environment, in a cloud environment? But since we started 13 years ago in this network space, we’ve been able to really refine those models, create additional models—and again, that multilayered [approach] has allowed us to build the system that can very quickly get to know the intricate details of your business without taking data out of your environment. So this is a super valuable technology for regulated industries. We were just awarded FedRAMP High certification so that we can serve the government, and it was a relatively easy path because of the fact that we’re not taking your data off-site. We have the ability to just learn from your data, where it is, and then [learn] the normal flow of your business. And then, as we refined those models and built our email system, we used some of those same models to understand what is the threat? How does it work? And then we’ve built on those models to identify, specifically, how does data flow in email? What are the things that you want to look for that’s unusual in email? And I think this model of a business-centric approach, understanding your business rather than understanding the threats and looking out and saying, ‘Oh, we’ll stop that threat’—you have to employ thousands of analysts to understand those new threats and then build your model. Here we’re doing it in a really different way so it’s actually much more efficient. And it catches these new threats. Because you’re not oriented on the threat, you’re oriented on the business itself and protecting the business environment itself.

How is your approach distinct from what others are doing with cloud security?

A lot of cloud security providers are really just looking at protecting your perimeter, and as soon as something comes into that perimeter, they alert you. And then it’s your job to go in and then you have to navigate your way through your cloud environment, which can also be difficult. Darktrace takes a different view. We want to understand your cloud environment from the beginning, so we can do that. And similar to the way that Wiz can, in a short time, give you a visualization of your cloud environments, we can do that as well. And then look at it in that same way that we just talked about, which is, what is known? What are the dynamics of this cloud environment? How is data traveling? What is a normal flow of data? Who’s getting access into these environments? And now we have Cado as well so that once we see that there’s something that’s not normal, we can apply Cado to ensure that we’re capturing the data that we need to and then forensically be able to very quickly get in and evaluate and investigate what’s happening in this space.

How would you summarize Darktrace’s prior history with the channel and goals going forward with partners?

We were so successful as a startup in selling direct that I think we did that for a little bit too long. And over the last couple of years, we’ve really been working to build a better understanding of Darktrace in the market and also to prove to partners that we want to work with them, that we want to be part of this ecosystem. Partners are so critical in advising customers and then helping them understand what is their landscape? What is it that they need to be most concerned about in their industry and in the space where they’re operating? We want to ensure that we’re partnering super well with all the people that are serving customers that we could reach. How do we do that? Right now, it’s a ground game. It’s going out to talk to these partners and helping them understand exactly what I’ve just explained to you. Here’s what Darktrace stands for. Here’s what we do. And we have a new approach. We’re moving away from direct sales into really working through our partners. We want to have an incredible partner relationship in every single customer that we work in. And we’re working on how exactly we do that. Right now, it’s about getting the funding into the hands of my chief partner officer and ensuring that he’s able to direct that so that we can provide the right enablement, staffing, etc. And then also, it’s always important that we share in the revenue. So how are we going to support those partners that are helping us go out to market? So we’re excited about developing those models and maturing the models that we have right now as well.

What is your overall message to partners?

I think the message to partners would be, take a look at Darktrace. Because I think for a long time, Darktrace may have not had the best reputation in the market in terms of how we partner. And so I would just say, give Darktrace a chance. We’re ready to be part of this thriving ecosystem and to partner with you.