Darktrace for AWS Cloud Security

With the power of Cyber AI, Darktrace brings real-time visibility and adaptive, autonomous defense to your AWS cloud security strategy.

The Darktrace Immune System provides a unified platform for AI-driven threat detection, investigation, and response in your AWS cloud and across the business, ensuring your dynamic workforce is always protected.

Self-learning Cyber AI continuously learns what normal behavior looks like for every user, device, and workload in your AWS environment. With this deep understanding of usual ‘patterns of life,’ the Darktrace Immune System can recognize the subtle deviations that point to a threat – from account takeovers to critical misconfigurations.

Bespoke, real-time coverage

Continuous cloud security monitoring with AI that learns ‘on the job’

Advanced cloud defense

Self-learning AI identifies and autonomously responds to the stealthiest threats in AWS cloud

Enterprise-wide visibility

Unified view of behavior in your AWS cloud environment, and beyond

Cyber AI Analyst investigation

Automatic triaging and executive-friendly reporting

Cyber AI Defense for the Dynamic Workforce and Business

With its bespoke, continuously evolving knowledge of how your business operates in the cloud, Darktrace’s Cyber AI can put behavior in context and spot the deviations from normal activity that point to a threat — no matter how sophisticated or novel.

Once a threat is identified, Darktrace Antigena can interrupt attacks on your behalf with AI-driven Autonomous Response. The Darktrace Immune System’s Cyber AI Analyst also automatically investigates every threat surfaced, reporting on the full scope of cloud-based security incidents and reducing triage time by up to 92%.

Data exfiltration and destruction

Detects anomalous device connections and user access, as well as unusual resource deletion, modification, and movement

Critical misconfigurations

Catches unusual permission changes, and anomalous activity around compliance-related data or devices

Compromised credentials

Spots brute force attempts, unusual login source or time, and unusual user behavior including rule changes or password resets

Insider threat and admin abuse

Identifies the subtle signs of malicious insiders – including sensitive file access, resource modification, role changes, or adding/deleting users

An AI-Native Solution for AWS Cloud Security

With VPC Traffic Mirroring from AWS, Darktrace’s self-learning AI can access granular packet data, allowing the Darktrace Immune System to build rich behavioral models based on traffic in our customers’ AWS cloud environments.

Taking a fundamentally unique approach, the Darktrace Immune System can correlate this cloud traffic with activity from email, SaaS, remote endpoints, and any on- or off-premises infrastructure across a customer’s enterprise.

This critical capability means Cyber AI can autonomously connect the dots between unusual behavior in disparate infrastructure areas and ensure cloud security is not siloed from the monitoring of the rest of the organization.

The Darktrace Security Module for AWS provides additional visibility, with AI-powered monitoring of management and administration activity via interaction with AWS CloudTrail. With this deep knowledge of how your business operates in the cloud, Darktrace delivers total coverage across all your AWS services.

EC2
IAM
S3
VPC
Lambda
Athena
DynamoDB
Route 53
ACM
RDS

“Prior to deploying Darktrace, our AWS environment was a blind spot. Darktrace has armed us with world-leading Cyber AI technology that defends our entire distributed infrastructure in real time.”
Innovating Capital

Proven to Protect

Overzealous Cloud DevOps

A well-intentioned DevOps Engineer attempted to build a back-up infrastructure within AWS to replicate their organization’s data center production systems, without alerting management or realizing that the cost of running the system would have been several million dollars per year. When the cloud infrastructure was launched, Darktrace’s Cyber AI alerted to the unusual behavior and the security team was able to take preventative action immediately.

Unencrypted PII in AWS

When a US city government uploaded the addresses, phone numbers, and vehicle registration numbers of its citizens to AWS via unencrypted connections, Darktrace revealed the dangerous blind spot. An unusual connection from a desktop device within the company was identified by Darktrace’s Cyber AI as a possible threat and the exposed public data was discovered, allowing the security team to correct the misconfiguration.

Crypto-Mining Infection

At a multinational organization with workloads across AWS and Azure, as well as containerized systems like Docker and Kubernetes, a junior engineer accidentally downloaded an update that included a crypto miner. The crypto malware infection was able to rapidly spread across the organization’s expansive cloud infrastructure at machine speed, infecting 20 cloud servers in under 15 seconds. But thanks to Darktrace’s self-learning AI, the security team could identify and contain the attack within minutes, well before the costs could start to mount.

Insider Threat

At a UK retailer, a recently laid-off IT manager downloaded contact details and credit card numbers from the customer database before leaving, transferring them to a home server via one of the company’s regular cloud data transfer services. Darktrace’s AI detected the threatening behavior within seconds, intelligently correlating the highly suspicious connections and downloads from the IT manager’s device – even though the use of the cloud service would have been seen as legitimate business activity in other circumstances.

“With Cyber AI, Darktrace can detect sophisticated cloud-based attacks, including insider threats and novel strains of malware that other tools miss. Darktrace provides unprecedented visibility, making it uniquely capable of defending our critical infrastructure.”
City of Las Vegas