Darktrace/Cloud solution based on self-learning AI provides cyber resilience for cloud environments

Darktrace unveiled a new Darktrace/Cloud solution based on its self-learning AI. The new solution provides comprehensive visibility of cloud architectures, real-time cloud-native threat detection and response, and prioritized recommendations and actions to help security teams manage misconfigurations and strengthen compliance.

When combined with insight from Darktrace solutions for network, email, apps, zero trust and endpoint, Darktrace/Cloud provides a deeper, contextualized understanding of the risks and threats currently facing an organization’s digital estate.

According to a recent report, “Gartner anticipates over 99 percent of cloud breaches will be based on a customer error, account takeover or misconfiguration until 2027”. Cloud environments are constantly evolving so security professionals need to increase the level of visibility while keeping up with changing compliance, risk and security requirements. The rise of cloud-native technologies including containers, Kubernetes and microservices also require new tools and techniques for detecting and responding to known and novel threats.

“Unlike static cloud security tools that provide snapshots of a specific point in time, Darktrace/Cloud is real-time, all the time. Our self-learning AI continuously learns patterns between workloads, assets, policy configurations and identities to provide a dynamic view of cloud architectures. We analyze the entire cloud stack from data to control plane, combining an understanding of architecture and network with a new flexible, scalable deployment model,” said Jack Stockdale, CTO, Darktrace.

“Our innovative approach to cloud security is built on more than a decade of leadership in Cyber AI that is already protecting our customers’ critical business areas from network and email to operational technology,” Stockdale added.

The new capabilities in Darktrace/Cloud include:

• Comprehensive visibility and architecture modeling for insights into the constantly changing nature of cloud environments. This visibility is constructed dynamically from configuration, network, users and identity and access management (IAM) data. Darktrace establishes patterns of life for cloud resources, identities, and services to understand who has access to what and how. This is critical for detecting anomalies and unknown threats.
• Universal attack path modeling provides a dynamic view of where attackers may look to move next. Darktrace brings together real-time cloud data and a deep understanding of your cloud environment with a platform approach that provides insights about risks from other covered areas of the business (e.g., network, email) to highlight potential attack paths and prioritize important assets to secure.
• Real-time and cloud-native threat detection and response that provides a dynamic view of known and novel threats within the cloud. Darktrace combines deep cloud attack path knowledge with real-time anomaly and threat detection through cloud-native autonomous response actions, such as detaching a policy from a user or removing a workload from a security group.
• Prioritized cloud posture management that starts by examining cloud configurations against common compliance frameworks. Where misconfigurations are detected, Darktrace provides a prioritized view of what to fix first, based on a risk profile generated from security and business context. Guided steps can be provided to help teams proactively address these before they become a significant issue.
• Cost discovery to provide a better understanding of cloud resource allocation. This helps teams contextualize their cloud resources according to security and business priorities.
• Communication and collaboration capabilities to streamline workflows between security teams and DevOps teams. Tickets can be created on demand, teams can communicate directly via messaging platforms, and alerts and anomaly detections can be sent to Security Information & Event Management (SIEM) or Security Orchestration, Automation and Response (SOAR) products and the Darktrace Mobile app so they can be alerted on the go.
• Flexible deployment options include an agentless deployment by default so organizations can be up and running in minutes. Teams can use the dynamic architectural view and risk context to decide where to deploy agents for enhanced real-time actions and deeper inspection.