Darktrace for Google Cloud Security
With advanced Self-Learning AI, Darktrace brings unprecedented real-time visibility and autonomous defense to your Google Cloud security strategy.
The Darktrace Immune System provides a unified platform for AI-driven threat detection, investigation, and response in Google Cloud and across the business, ensuring your dynamic workforce is always protected.
By learning what normal activity looks like for every user, device, and resource in your Google Cloud environment, Darktrace technology can identify even the most subtle signs of an emerging threat – from compromised credentials, to malicious insiders, to critical misconfigurations or compliance issues.
Self-Learning AI Defense for the Dynamic Workforce and Business
With its bespoke, continuously evolving knowledge of how your business operates in the cloud, Darktrace’s Self-Learning AI can put behavior in context and spot the deviations from normal activity that point to a threat — no matter how sophisticated or novel.
Once a threat is identified, Darktrace for Network can interrupt attacks on your behalf with AI-driven Autonomous Response. The Darktrace Immune System’s Cyber AI Analyst further automatically investigates every threat surfaced, reporting on the full scope of cloud-based security incidents and reducing triage time by up to 92%.
Detects anomalous device connections and user access, as well as unusual resource deletion, modification, and movement
Catches unusual permission changes, and anomalous activity around compliance-related data or devices
Spots brute force attempts, unusual login source or time, and unusual user behavior including rule changes or password resets
Identifies the subtle signs of malicious insiders – including sensitive file access, resource modification, role changes, or adding/deleting users
A Self-Learning Solution with Google Packet Mirroring
Darktrace leverages Google’s Packet Mirroring service to monitor all traffic in a customer’s Google Cloud environment. This allows the Darktrace Immune System’s Self-Learning AI to analyze the entire packet, including headers and payload, and build rich behavioral models for activity in Google Cloud.
Taking a fundamentally unique approach, the Darktrace Immune System can correlate this private and public cloud traffic with traffic from email, SaaS, remote endpoints, and any range of on- or off-premise infrastructure across a customer’s enterprise. This critical function ensures that cloud security is not siloed from the monitoring of the rest of the business.
The Darktrace Security Module for Google Cloud and Darktrace’s Google Workspace Module provide additional visibility, allowing the Darktrace Immune System to deliver optimum coverage across all your Google Cloud services.
Google Workspace Cloud Email Security
Darktrace for Email is an AI-powered email security solution that protects the inbox from the full range of attacks. While Google’s native and add-on email controls look for known email attack vectors, Darktrace for Email is able to identify novel email threats that get through, including impersonation attacks, payload delivery and data loss.
With unified understanding across email, SaaS and the cloud, the Darktrace Immune System can correlate activity across multiple environments, enabling greater detection, investigation and response capabilities.
This blog explains how the visibility provided by Google’s Packet Mirroring enables the Darktrace Immune System to deliver seamless Self-Learning AI defense in the cloud and form an understanding of what normal activity looks like for every user, container, application, and workload in a customer’s Google Cloud environment.