Darktrace for Cloud

Darktrace for Cloud brings Darktrace’s Self-Learning AI to hybrid and multi-cloud environments.

VPC Traffic Mirroring allows Darktrace to build rich behavioral models for unique AWS environments

Continuously analyzes all Azure cloud traffic via lightweight, host-based server agents

Google’s Packet Mirroring gives Darktrace total coverage across all Google Cloud services

Self-learning cloud security

Powered by Self-Learning AI, Darktrace for Cloud learns the normal ‘patterns of life’ for users, devices, containers, and instances from scratch in order to detect and respond to unknown and unpredictable cyber-attacks.

Understands the dynamic human behind cloud services, adapting as their patterns change
Illuminates unpredictable cloud attacks that other tools miss, without human intervention
Tracks cyber-threats that move across hybrid and multi-cloud environments, in a single view

Thrives in complexity

Self-Learning AI is agnostic to different data forms and continuously revises its understanding of ‘normal’ across multiple cloud workloads in real time.

Responds in seconds

Darktrace’s continuously evolving understanding allows it to detect subtle deviations indicative of a threat, and take targeted and surgical action to contain the threat at machine speed.

Enterprise-wide protection

The Darktrace Immune System protects your dynamic workforce across every environment, from email, SaaS, and cloud infrastructure to the corporate network, OT, IoT, and the endpoint.

This allows Darktrace to recognize that actions which appear benign in isolation can point to a greater picture of threat.

For example, the AI can understand how a user login in AWS is linked to highly unusual login activity on that same user’s Microsoft 365 account moments earlier.

In such a case, Darktrace would immediately realize that an account takeover had occurred and autonomously stop the threat.

Self-Learning AI: use cases

Data exfiltration and destruction

Detects anomalous device connections and user access, as well as unusual resource deletion, modification, and movement

Critical misconfigurations

Catches unusual permission changes, and anomalous activity around compliance-related data or devices

Compromised credentials

Spots brute force attempts, unusual login source or time, and unusual user behavior including rule changes or password resets

Insider threat and admin abuse

Identifies the subtle signs of malicious insiders – including sensitive file access, resource modification, role changes, or adding/deleting users