
AI cloud security with the Darktrace Immune System and Google Packet Mirroring

Nabil Zoldjalali, Director of Cloud Security

With Darktrace’s self-learning AI cloud cyber security and the visibility provided by Google’s Packet Mirroring, the Darktrace Immune System brings autonomous, cloud-native threat detection, investigation, and response to your Google Cloud.

Google’s Packet Mirroring service enables Darktrace’s Cyber AI to seamlessly deploy in the cloud and immediately form an understanding of what normal activity looks like for every user, container, application, and workload in a customer’s Google Cloud environment. This bespoke, real-time knowledge of an organization’s ‘pattern of life’ allows the Darktrace Immune System to identify the subtle behavioral deviations that point to a threat.

Darktrace delivers the only cloud cyber security solution that learns ‘on the job’, adapts as your business evolves, and autonomously responds to the full range of threats in the cloud. The ability to evolve with an organization and continuously update its understanding of ‘normal’ is a particularly critical feature given the speed and scale of development in the cloud.

With the power of Cyber AI and Google Packet Mirroring, organizations can benefit from bespoke, context-based defense against even the most advanced threats that may emerge – from misconfigurations to compromised credentials.

Building context: Leveraging Google Packet Mirroring for self-learning Cyber AI

Darktrace leverages Google Packet Mirroring to monitor all traffic in a customer’s Google Cloud environment, with no need to deploy agents. This allows the Darktrace Immune System’s self-learning AI to analyze the entire packet, including headers and payload, and build rich behavioral models for activity in Google Cloud.

With this deep understanding of context, the Darktrace Immune System can detect and correlate all the weak indicators of a threat that policy-based tools miss – even if the threat is highly sophisticated or novel.

What’s more, every threat surfaced in Google Cloud is automatically investigated by the Darktrace Immune System’s Cyber AI Analyst. An industry first, the technology triages, interprets, and reports on the full scope of security incidents, reducing triage time by up to 92%.

The Darktrace Security Module for Google Cloud provides additional visibility, ensuring full awareness of administrative activity and system events in Cloud Audit Log-compatible services, with additional support for Data Access Logs for deeper visibility into the activity of specific components. The Security Module allows for coverage of Darktrace’s workload-focused use cases, identifying threats like data exfiltration and critical misconfigurations.

Because user access to Google Cloud is authenticated via the Google Workspace platform, customers can gain visibility of logins and other user activity with Darktrace’s Google Workspace Module. This Module allows for coverage of Darktrace’s workforce-focused use cases, identifying threats like compromised credentials and insider threat.

Darktrace can deliver total coverage across all your Google Cloud services, including:

  • BigQuery
  • Cloud Compute
  • Cloud CDN
  • Cloud Run
  • Cloud SQL
  • Cloud Storage*
  • Cloud Translate
  • Key Management
  • Resource Manager

*Please note that Cloud Storage files are no longer audited by Google once they are made explicitly public.

A unified, AI-native platform for defense across the enterprise

Taking a fundamentally unique approach, the Darktrace Immune System can correlate behavior in Google Cloud with activity from SaaS, email, remote endpoints, and any range of on- or off-premise infrastructure across a customer’s enterprise.

This is a crucial benefit, as businesses and workforces today are increasingly complex and dynamic. With Darktrace’s unified security platform, Cyber AI can connect the dots between unusual behavior in disparate infrastructure areas and ensure cloud security is not siloed from the monitoring of the rest of the organization. And because the AI technology learns ‘on the job’, the Darktrace Immune System provides the flexibility and scalability needed to evolve at the pace of your business.

Figure 1: The Darktrace Immune System

Augmenting security teams and enabling digital transformation with AI cloud security

The Darktrace Immune System provides the industry’s only self-learning platform that correlates information from across the organization and adapts in real time – improving productivity across the security team and letting you accelerate digital innovation in your Google Cloud environment, and beyond.

Cyber AI can analyze data at a speed and scale impossible for humans, and surfaces actionable insights right when your team needs them. With the Darktrace Immune System, security analysts and business leaders alike can focus more on thoughtful decision-making, while the AI works in the background to ensure the business and workforce are always protected.

Key threat detection use cases for Google Cloud environments include:

  • Data exfiltration and destruction: Detects anomalous device connections, and unusual resource deletion, modification, and movement

  • Critical misconfigurations: Catches unusual permission changes, and anomalous activity around compliance-related data or devices

  • Compromised credentials: Spots brute force attempts, unusual login source or time, and unusual user behavior including rule changes or password resets

  • Insider threat and admin abuse: Identifies the subtle signs of malicious insiders – including sensitive resource access, role changes, or adding/deleting users
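As an added illustration (not Darktrace’s code or detection logic), the following Python sketch shows how the signals in the list above can be expressed over Cloud Audit Log entries: a per-principal ‘pattern of life’ (source IPs and active hours) is learned from a window of log records, and later records are flagged when they deviate from it or perform a high-impact change such as an IAM policy change or a resource deletion. Field names follow the Cloud Audit Log format; the sample entries, principals, IP addresses and the SENSITIVE_METHODS list are constructed for the example.

```python
from datetime import datetime
# Method-name fragments treated as high-impact here (Cloud Audit Log style; not Darktrace's list).
SENSITIVE_METHODS = ("SetIamPolicy", ".delete", "CreateServiceAccountKey")

def entry(ts, who, ip, method):
    """Constructed Cloud Audit Log record, trimmed to the fields read below."""
    return {"timestamp": ts, "protoPayload": {"methodName": method,
            "authenticationInfo": {"principalEmail": who}, "requestMetadata": {"callerIp": ip}}}

def fields(e):
    p = e["protoPayload"]
    hour = datetime.strptime(e["timestamp"], "%Y-%m-%dT%H:%M:%SZ").hour
    return p["authenticationInfo"]["principalEmail"], p["requestMetadata"]["callerIp"], hour, p["methodName"]

def learn_baseline(entries):
    """Per principal: source IPs seen and the span of UTC hours they were active."""
    baseline = {}
    for e in entries:
        who, ip, hour, _ = fields(e)
        b = baseline.setdefault(who, {"ips": set(), "hours": [hour, hour]})
        b["ips"].add(ip)
        b["hours"] = [min(b["hours"][0], hour), max(b["hours"][1], hour)]
    return baseline

def score(entries, baseline):
    """(principal, method, reasons) for entries off their baseline or making a high-impact change."""
    findings = []
    for e in entries:
        who, ip, hour, method = fields(e)
        b, reasons = baseline.get(who), []
        if b is None:
            reasons.append("principal never seen in learning window")
        else:
            if ip not in b["ips"]:
                reasons.append(f"new source IP {ip}")
            if not b["hours"][0] <= hour <= b["hours"][1]:
                reasons.append(f"outside usual hours ({hour:02d}:00 UTC)")
        if any(m in method for m in SENSITIVE_METHODS):
            reasons.append(f"high-impact change {method}")
        if reasons:
            findings.append((who, method, reasons))
    return findings

# Constructed windows: learning (stable habits) and evaluation (benign action, credential-misuse pattern, risky admin change). Principals and IPs (documentation ranges) are made up.
LEARNING = [entry("2021-03-01T09:12:00Z", "dev@example.com", "203.0.113.10", "v1.compute.instances.list"),
            entry("2021-03-01T16:40:00Z", "dev@example.com", "203.0.113.10", "v1.compute.instances.get"),
            entry("2021-03-02T10:05:00Z", "admin@example.com", "198.51.100.5", "v1.compute.instances.list")]
EVALUATION = [entry("2021-03-03T10:30:00Z", "dev@example.com", "203.0.113.10", "v1.compute.instances.get"),
              entry("2021-03-03T03:15:00Z", "dev@example.com", "192.0.2.77", "SetIamPolicy"),
              entry("2021-03-03T03:15:00Z".replace("03:15", "10:20"), "admin@example.com", "198.51.100.5", "v1.compute.instances.delete")]
```

Running `score(EVALUATION, learn_baseline(LEARNING))` leaves the routine developer action unflagged, raises three reasons for the off-hours IAM change from a new address, and one reason for the in-pattern but destructive admin deletion.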

Darktrace customers can learn more about leveraging Google Packet Mirroring on the Customer Portal.

Learn more about AI cloud security: Read the White Paper.

Nabil Zoldjalali

Based in Toronto, Nabil specializes in the application of cloud technologies and works closely with Darktrace’s Research & Development team. He advises strategic Fortune 500 customers across North America on advanced threat detection, Self-Learning AI, and Autonomous Response for cloud and SaaS environments. Nabil is a frequent speaker at leading industry conferences across North America, including Microsoft Ignite, Black Hat, and the World AI Forum. He holds a Bachelor’s degree in Electrical and Electronic Engineering from McGill University and is an advisory board member of the EC Council.