Darktrace introduces self-learning AI Cloud solution

Image courtesy Darktrace

The new solution provides comprehensive visibility of cloud architectures, real-time cloud-native threat detection and response and prioritised recommendations and actions to help security teams manage misconfigurations and strengthen compliance. When combined with insight from Darktrace solutions for network, email, apps, zero trust and endpoint, Darktrace/Cloud provides a deeper, contextualised understanding of the risks and threats currently facing an organisation’s digital estate.  

According to a recent report: 'Gartner anticipates over 99 percent of cloud breaches will be based on a customer error, account takeover or misconfiguration until 2027'. Cloud environments are constantly evolving so security professionals need to increase the level of visibility while keeping up with changing compliance, risk and security requirements. The rise of cloud-native technologies including containers, Kubernetes and microservices also require new tools and techniques for detecting and responding to known and novel threats.

Jack Stockdale (above), Chief Technology Officer, Darktrace said:  "Unlike static cloud security tools that provide snapshots of a specific point in time, Darktrace/Cloud is real-time, all the time. Our Self-Learning AI continuously learns patterns between workloads, assets, policy configurations and identities to provide a dynamic view of cloud architectures. We analyse the entire cloud stack from data to control plane, combining an understanding of architecture and network with a new flexible, scalable deployment model.

“Our innovative approach to cloud security is built on more than a decade of leadership in Cyber AI that is already protecting our customers’ critical business areas from network and email to operational technology.”

Available today, the new capabilities in Darktrace/Cloud include:

• Comprehensive visibility and architecture modeling for insights into the constantly changing nature of cloud environments . This visibility is constructed dynamically from configuration, network, users and identity and access management (IAM) data. Darktrace establishes patterns of life for cloud resources, identities, and services to understand who has access to what and how. This is critical for detecting anomalies and unknown threats.
• Universal attack path modeling provides a dynamic view of where attackers may look to move next . Darktrace brings together real-time cloud data and a deep understanding of your cloud environment with a platform approach that provides insights about risks from other covered areas of the business (e.g., network, email) to highlight potential attack paths and prioritize important assets to secure.
• Unique real-time and cloud-native threat detection and response that provides a dynamic view of known and novel threats within the cloud. Darktrace combines deep cloud attack path knowledge with real-time anomaly and threat detection through cloud-native autonomous response actions, such as detaching a policy from a user or removing a workload from a security group.    
• Prioritised cloud posture management that starts by examining cloud configurations against common compliance frameworks. Where misconfigurations are detected, Darktrace provides a prioritized view of what to fix first, based on a risk profile generated from security and business context. Guided steps can be provided to help teams proactively address these before they become a significant issue.
• Cost discovery to provide a better understanding of cloud resource allocation. This helps teams contextualise their cloud resources according to security and business priorities.
• Communication and collaboration capabilities to streamline workflows between security teams and DevOps teams. Tickets can be created on demand, teams can communicate directly via messaging platforms, and alerts and anomaly detections can be sent to Security Information & Event Management (SIEM) or Security Orchestration, Automation and Response (SOAR) products and the Darktrace Mobile app so they can be alerted on the go.
• Flexible deployment options include an agentless deployment by default so organizations can be up and running in minutes. Teams can use the dynamic architectural view and risk context to decide where to deploy agents for enhanced real-time actions and deeper inspection.

Sykes Cottages, a cloud-native travel agency platform in the UK, has experienced significant growth in the last five years and has relied on the cloud to help them scale throughout this period. Jonny Mattey, Head of Cybersecurity, Sykes Cottages said: "When it comes to cybersecurity, having visibility and an understanding of what you’ve got and your risks is critical. If I don’t know it’s there, I can’t protect it.

“Having a holistic, live view of our cloud environment enables us to work pragmatically and use AI to cut down management time so that we can address security risks and improve our resilience.”

The new Darktrace/Cloud solution is now available on Amazon Web Services (AWS) through the AWS Marketplace, a curated digital catalog that makes it easy for customers to find, buy, deploy and manage the third-party software they need to build solutions and run their business. Darktrace and AWS have been collaborating since 2017 to help organisations secure their AWS environments. Darktrace protects AWS environments for organisations around the world including Sunwest Bank and ProPhase Labs. Darktrace is an AWS Security Competency Partner and is part of the AWS ISV Accelerate programme.

Paddy Fitzpatrick, Director – Independent Software Vendors, UK & Ireland at Amazon Web Services, said: "Security is job zero at AWS. As the threat landscape continues to evolve, the availability of AI-based tools like Darktrace/Cloud on the AWS Marketplace will help customers to gain increased visibility, and respond more effectively to security risks and threats.”

Darktrace first extended its Cyber AI capabilities to cloud environments in 2016, applying its world class algorithms to granular network traffic.

Darktrace/Cloud was recently named Cloud Security Product of the Year for Large Enterprises by Computing Magazine in its 2023 Cloud Excellence Awards.