The importance of cloud investigation and incident response are compounded by an expanded attack surface in the cloud, lack of advanced tooling to upskill teams, and increasing regulatory pressure from compliance regulations. This blog dives into these challenges and explores potential solutions for security teams attempting to secure their cloud environment

 Most cloud environments struggle to strike the right balance between security and accessibility. This blog breaks down why traditional approaches to cloud forensics often fail and outlines practical, security-first strategies to solve the access dilemma. You’ll learn how to enable effective investigations without over-permissioning your environment.

This blog walks through an example of how Darktrace’s CDR and automated cloud forensics capabilities automate cloud detection, and deep forensic investigation in a way that’s fast, scalable, and deeply insightful.

Learn how Darktrace helps bridge the DFIR skills gap with user-friendly, cloud-native forensic tools that streamline investigations across complex, multi-cloud environments.

This blog covers the five core capabilities that security teams should consider when evaluating a cloud forensics and incident response solution.

Darktrace’s latest research reveals that an evolving social engineering campaign continues to target cryptocurrency users through fake startup companies. These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and GitHub.

The biggest sources of risk in the cloud are misconfigurations, IAM failures, and infrastructure that is unprepared to handle cross-domain threats. Learn how AI-powered cloud security tools can help security teams identify and mitigate these risks.

While many internal teams contribute to general cloud hygiene, the security team has increasingly taken the lead on cloud security. Learn how AI-powered cloud detection and response tools can help these teams with new responsibilities.

This blog highlights how vulnerability data, collected using Cado's new vulnerability discovery feature, can be fused with threat data to help deepen the understanding of an attack, as well as guide remediation efforts.

This blog dives into the strengths and limitations of CNAPP, explaining how a CDR solution can enhance cloud security to identify and mitigate cross-domain threats.

Cloud security solutions can be deployed with agentless or agent-based approaches or use a combination of methods. Organizations must weigh which method applies best to the assets and data the tool will protect.

In the coming years, cloud security will not only need to adapt to increasingly complex environments as ecosystems become more distributed, but also to rapidly evolving threats like supply chain attacks, advanced misconfiguration exploits, and credential theft. AI-powered cloud security tools can help security teams keep up.

This blog highlights how Darktrace / CLOUD leverages self-learning AI to tackle critical cloud security challenges—such as misconfigurations, hybrid environment complexity, securing productivity suites, and agent fatigue—by providing unified visibility, intelligent monitoring, and real-time threat response to empower organizations with proactive protection.

This blog announces the general availability of Microsoft Azure support for Darktrace / CLOUD, enabling real-time cloud detection and response across dynamic multi-cloud environments. Read more to discover how Darktrace is pioneering AI-led real-time cloud detection and response.

Cado researchers detected a typosquatting domain mimicking their corporate site, part of a broader campaign targeting tech companies. The malicious domain redirected to the legitimate one, and an accompanying fake X (Twitter) account was created. Cado took swift action, informing staff, blocking emails, and reporting the domain for suspension.

As cloud adoption surges, the need for scalable, cloud-native security is paramount. This blog explores whether Cloud Detection and Response (CDR) is merely Network Detection and Response (NDR) tailored for the cloud, highlighting the unique challenges and essential solutions SOC teams require to secure dynamic cloud environments effectively.

This blog discusses why companies use third-party data management for efficiency, global access, collaboration, and reliability, while also addressing security risks associated and best practices with third-party data management.

Understand the evolution of cloud-based attacks and the increasing use of alternative methods for initial access in cyber threats.

Discover cloud migration insights, security challenges, best practices, and Darktrace's unique approach to enhancing cloud visibility and risk management.

Explore strategies, services, and risks associated with mastering cloud migration. Learn more here about hybrid cloud model, benefits, and migration phases.

OracleIV is a DDoS botnet exploiting misconfigured Docker Engine APIs. It delivers a malicious Python ELF executable within a Docker container ("oracleiv_latest") to perform various DoS attacks. The botnet communicates with a C2 server for commands, demonstrating attackers' continued use of exposed Docker instances.

Darktrace's autonomous response successfully thwarted a Trickbot intrusion. See how AI played a crucial role in this defense.

Qubitstrike is an emerging cryptojacking campaign primarily targeting exposed Jupyter Notebooks that exfiltrates cloud credentials, mines XMRig, and employs persistence mechanisms. The malware utilizes Discord for C2, displaying compromised host information and enabling command execution, file transfer, and process hiding via the Diamorphine rootkit.

Darktrace integrates AI with Amazon Security Lake for enhanced security investigations & threat detection. Learn how this collaboration benefits security teams.

A new P2Pinfect variant compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture has been discovered. This demonstrates increased targeting of routers, Internet of Things (IoT) and other embedded devices by those behind P2Pinfect.

Darktrace highlights a handful of data theft incidents on shared cloud platforms, showing that cloud computing can be a vulnerable place for modern extortion.