Darktrace for Microsoft Azure cloud security

Powered by self-learning Cyber AI, Darktrace brings real-time awareness and advanced autonomous defense to your Azure cloud security strategy.

The Darktrace Immune System provides a unified platform for AI-driven threat detection, investigation, and response in Azure and across the business, ensuring your dynamic workforce is always protected.

With a deep understanding of normal behavior in your Azure cloud environment, the Darktrace Immune System can identify even the most subtle deviations from usual ‘patterns of life’ that point to a threat – no matter how sophisticated or novel.

Cyber AI defense for the cloud

With its bespoke, continuously evolving knowledge of how your business operates in the cloud, Darktrace’s Cyber AI can put behavior in context and spot the deviations from normal activity that point to an emerging threat.

When a threat emerges, Darktrace Antigena can interrupt attacks on your behalf with AI-driven Autonomous Response. The Darktrace Immune System’s Cyber AI Analyst also automatically investigates every threat surfaced, reporting on the full scope of cloud-based security incidents and reducing triage time by up to 92%.

Bespoke real-time coverage

Continuous cloud security monitoring with AI that learns ‘on the job’

Self-learning AI defense

Detects and responds to critical misconfigurations, credential compromise, and insider threats

Enterprise-wide visibility

Unified view of behavior in your Azure cloud, and across the business

Cyber AI Analyst investigation

Automatic triaging and executive-friendly reporting
Data exfiltration and destruction

Detects anomalous device connections and user access, as well as unusual resource deletion, modification, and movement

Critical misconfigurations

Catches unusual permission changes, and anomalous activity around compliance-related data or devices

Compromised credentials

Spots brute force attempts, unusual login source or time, and unusual user behavior including rule changes or password resets

Insider threat and admin abuse

Identifies the subtle signs of malicious insiders – including sensitive file access, resource modification, role changes, or adding/deleting users

An AI-native solution for Azure cloud security

Darktrace builds rich behavioral models for workforce and workload activity, correlating cloud traffic with activity from email, SaaS, remote endpoints, and any range of on- or off-premises infrastructure across the enterprise. Coverage includes activity at the administrative level, allowing real-time detection of admin abuse or account takeover there.

Cyber AI can autonomously connect the dots between unusual behavior in disparate infrastructure areas, ensuring cloud security is not siloed from the monitoring of the rest of the organization.

Cyber AI across the full range of Azure services

  • Azure DevOps
  • Virtual Machines
  • CosmosDB
  • Azure Active Directory
  • Azure Functions
  • Azure SQL
  • Blob Storage
  • Queue Storage
  • File Storage
  • Table Storage

Proven to Protect

Unencrypted IP in Azure

A leading manufacturing company in Europe was using a Microsoft Azure server to store files containing product details and sales projections. When a device downloaded a ZIP file from the server, Darktrace’s Cyber AI identified it as a highly anomalous connection, and it was later discovered that the ZIP file was accessible to anyone who knew the URL. Darktrace was able to prevent the loss of valuable intellectual property and proceeded to assist the security team in revising their data storage practices in Azure.

Cloud Misconfiguration

When configuring their native cloud controls, a financial services organization mistakenly left an important cloud-hosted server exposed to the Internet when it was meant to be isolated behind a firewall. The exposed server was eventually discovered and targeted by cyber-criminals scanning the Internet via Shodan. Within seconds, Darktrace’s AI detected that the VM was receiving an unusual amount of incoming connection attempts from a wide range of rare external sources and alerted the security team to the threat.
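The two behaviours described on this page, a credential compromise that shows up as a sign-in from a source or hour the account has never used (or a burst of failed logins), and an exposed VM that suddenly receives connection attempts from many previously unseen external addresses, both reduce to the same idea: learn a per-entity baseline of usual sources and hours, then flag events that fall outside it. The following Python is an added illustration of that baseline-versus-anomaly logic; it is not Darktrace code and does not model its AI. The log lines, entity names, TEST-NET addresses and thresholds are all constructed for the example.

```python
"""Baseline-vs-anomaly detection over constructed Azure-style log records.

Added example, not Darktrace code. Each record is 'timestamp, entity, source,
outcome' where entity is a user principal or a VM name, source is a remote
address, and outcome is 'success' / 'failure' (sign-ins) or 'connect'
(inbound connection attempt to a VM). All values below are constructed.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    entity: str    # user principal or VM name
    source: str    # remote address (constructed RFC 5737 test addresses)
    outcome: str   # "success", "failure" or "connect"


def parse(line: str) -> Event:
    ts, entity, source, outcome = [f.strip() for f in line.split(",")]
    return Event(datetime.fromisoformat(ts), entity, source, outcome)


# Constructed baseline: what each entity normally does (learning period).
BASELINE_LINES = [
    "2024-01-08T09:02:00, alice@example.test, 203.0.113.10, success",
    "2024-01-08T14:10:00, alice@example.test, 203.0.113.10, success",
    "2024-01-09T09:15:00, alice@example.test, 203.0.113.10, success",
    "2024-01-08T10:00:00, bob@example.test, 203.0.113.20, success",
    "2024-01-09T10:05:00, bob@example.test, 203.0.113.20, success",
    "2024-01-08T11:00:00, vm-web01, 198.51.100.5, connect",
    "2024-01-08T12:00:00, vm-web01, 198.51.100.6, connect",
    "2024-01-09T11:30:00, vm-web01, 198.51.100.5, connect",
]

# Constructed observation window: one normal login, one login from a new
# source at 03:12, a burst of failed logins for bob, and six connection
# attempts to vm-web01 from six never-seen addresses within two minutes.
OBSERVED_LINES = [
    "2024-01-10T09:05:00, alice@example.test, 203.0.113.10, success",
    "2024-01-10T03:12:00, alice@example.test, 192.0.2.77, success",
] + [
    f"2024-01-10T10:00:{i * 10:02d}, bob@example.test, 192.0.2.50, failure"
    for i in range(6)
] + [
    f"2024-01-10T13:0{i // 3}:{(i % 3) * 20:02d}, vm-web01, 192.0.2.{100 + i}, connect"
    for i in range(6)
]


class Baseline:
    """Per-entity 'pattern of life': which sources and hours are usual."""

    def __init__(self, events):
        self.sources = defaultdict(Counter)
        self.hours = defaultdict(Counter)
        for e in events:
            self.sources[e.entity][e.source] += 1
            self.hours[e.entity][e.ts.hour] += 1

    def is_rare_source(self, e: Event) -> bool:
        return self.sources[e.entity][e.source] == 0

    def is_unusual_hour(self, e: Event) -> bool:
        return self.hours[e.entity][e.ts.hour] == 0


def detect(baseline: Baseline, events, window=timedelta(minutes=5),
           failure_threshold=5, rare_source_threshold=5):
    """Return a set of (alert_kind, entity) pairs found in the events."""
    alerts = set()
    recent = defaultdict(deque)  # sliding window of events per entity
    for e in sorted(events, key=lambda x: (x.entity, x.ts)):
        q = recent[e.entity]
        q.append(e)
        while q and e.ts - q[0].ts > window:
            q.popleft()
        if e.outcome == "success":
            # A successful sign-in from a source/hour never seen in baseline.
            if baseline.is_rare_source(e):
                alerts.add(("login_from_new_source", e.entity))
            if baseline.is_unusual_hour(e):
                alerts.add(("login_at_unusual_hour", e.entity))
        # Burst of failures within the window: brute-force style behaviour.
        if sum(1 for x in q if x.outcome == "failure") >= failure_threshold:
            alerts.add(("brute_force", e.entity))
        # Many distinct never-seen sources hitting one entity: an exposed
        # host being found by Internet-wide scanning.
        rare = {x.source for x in q if baseline.is_rare_source(x)}
        if len(rare) >= rare_source_threshold:
            alerts.add(("many_rare_sources", e.entity))
    return alerts


def run():
    baseline = Baseline(parse(l) for l in BASELINE_LINES)
    return detect(baseline, [parse(l) for l in OBSERVED_LINES])


if __name__ == "__main__":
    for kind, entity in sorted(run()):
        print(f"{kind:24s} {entity}")
```

The per-entity sliding window is what lets the same code serve both cases: a single unseen source is a weak signal on its own (people travel, VMs get stray probes), but a never-seen source plus an off-hours login, or five unseen sources inside five minutes, is the kind of correlated deviation worth alerting on. In a real deployment the baseline would be learned continuously from Azure sign-in and flow telemetry rather than from a fixed list.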

Crypto-Mining Infection

At a multinational organization with workloads across Azure and AWS, as well as containerized systems like Docker and Kubernetes, a junior engineer accidentally downloaded an update that included a crypto-miner. The crypto malware infection was able to rapidly spread across the organization’s expansive cloud infrastructure at machine speed, infecting 20 cloud servers in under 15 seconds. But thanks to Darktrace’s self-learning AI, the security team could identify and contain the attack within minutes, well before the costs could start to mount.

Insider Threat

At a UK retailer, a recently laid-off IT manager downloaded contact details and credit card numbers from the customer database before leaving, transferring them to a home server via one of the company’s regular cloud data transfer services. Darktrace’s AI detected the threatening behavior within seconds, intelligently correlating the highly suspicious connections and downloads from the IT manager’s device – even though the use of the cloud service would have been seen as legitimate business activity in other circumstances.