New AI-based security solution increases the cyber resilience of cloud architectures. It protects against new threats and misconfigurations in real time and strengthens compliance.
A global leader in AI for cybersecurity, has introduced the new Darktrace/Cloud solution, based on its unique self-learning AI. It provides comprehensive visibility into cloud architectures, real-time cloud-native threat detection and response, and prioritized recommendations and actions. This helps security teams manage misconfigurations and strengthen compliance. Combined with insights from Darktrace network, email and endpoint solutions, Darktrace/Cloud enables a deeper, contextual understanding of the risks and threats to an organization's digital assets.
Misconfigurations responsible for cloud incidents
“Gartner expects that by 2027, more than 99 percent of cloud incidents will result from a customer error, account takeover or misconfiguration,” according to a recent study. Cloud environments are constantly evolving, requiring security professionals to increase visibility while keeping pace with evolving compliance, risk and security requirements. Cloud-native technologies such as containers, Kubernetes and microservices require new tools and techniques to detect and respond to known and emerging threats.
“Unlike static cloud-based security tools that take snapshots at a specific point in time, Darktrace/Cloud is always active in real time,” explains Jack Stockdale, Chief Technology Officer of Darktrace. “Our self-learning AI continuously learns patterns of workloads, assets, policy configurations and identities for a dynamic view of cloud architectures. We analyze the entire cloud stack from the data to the control plane, combining architectural and network understanding with a new flexible, scalable deployment model. Our innovative approach to cloud security is based on more than a decade of leadership in cyber AI, already protecting critical business areas for our customers – from network to email to operational technology.”
New Darktrace/Cloud features include:
- Comprehensive transparency and architectural modeling for insights into the ever-changing nature of cloud environments. This visibility is created dynamically from configuration, network, user, and identity and access management (IAM) data. Darktrace creates lifecycle patterns for cloud resources, identities, and services to understand who has access to what and how. This is crucial for detecting anomalies and unknown threats.
- Universal modeling of attack paths provides a dynamic overview of where attackers might strike next. Darktrace combines real-time cloud data and a deep understanding of the individual cloud environment with a platform approach. This provides insights into risks from other considered areas of the organization (e.g. network, email) to highlight potential attack paths and prioritize key resources that need to be secured.
- Unique real-time and cloud-native threat detection and response, which provides a dynamic overview of known and emerging threats within the cloud. Darktrace combines deep knowledge of cloud attack paths with real-time anomaly and threat detection for cloud-native, autonomous response actions, such as decoupling a policy from a user or removing a workload from a security group.
- Prioritized cloud posture management, which begins by auditing cloud configurations against common compliance frameworks. When misconfigurations are discovered, Darktrace prioritizes what to fix first based on a risk profile created in the security and business context. Guided steps help teams proactively address this before risks become a major issue.
- Costing for a better understanding of cloud resource allocation. This helps teams put their cloud resources in the right context according to security and business priorities.
- Communication and collaboration functions to optimize workflows between security and DevOps teams. Tickets can be created on demand, teams communicate directly via messaging platforms, alerts and anomaly detections can be sent to Security Information & Event Management (SIEM) or Security Orchestration, Automation and Response (SOAR) products and the Darktrace mobile app , so that those responsible receive an alarm even when they are on the move.
- Flexible deployment options as standard, agentless deployment so companies can deploy the solution in minutes. Teams use the dynamic architectural view and risk context to decide where to deploy agents for advanced real-time actions and deeper investigations.
Availability
The new Darktrace/Cloud solution is now available on Amazon Web Services (AWS) through the AWS Marketplace, a curated digital catalog that makes it easier for customers to find, purchase, deploy and manage the third-party software they use for the development of solutions and the operation of their company. Darktrace and AWS have been working together since 2017 to help companies secure their AWS environments. Darktrace protects AWS environments for companies around the world. Darktrace is an AWS Security Competency Partner and part of the AWS ISV Accelerate program.
“Security is the most important mission at AWS,” said Paddy Fitzpatrick, Director – Independent Software Vendors, UK & Ireland at Amazon Web Services. “The threat landscape is constantly evolving. The availability of AI-based tools like Darktrace/Cloud on the AWS Marketplace helps customers gain greater visibility and respond more effectively to security risks and threats.”
More at Darktrace.com
About Darktrace Darktrace, a global leader in artificial intelligence for cybersecurity, protects businesses and organizations with AI technology from cyberattacks. Darktrace's technology registers atypical traffic patterns that indicate possible threats. In doing so, it recognizes novel and previously unknown attack methods that are overlooked by other security systems.