Darktrace launches fully automated cloud forensics
Briefly

"Darktrace introduces the industry's first fully automated cloud forensics solution. Forensic Acquisition & Investigation aims to reduce investigation times from days to minutes by collecting evidence immediately when threats are detected. A survey of 300 cloud security decision-makers shows that nearly 90 percent of organizations suffer damage before they can contain cloud incidents. Additionally, investigations in cloud environments take three to five days longer than those in on-premises environments."
"Cloud adoption has simply outpaced security operations, creating dangerous blind spots that attackers are all too happy to exploit. Traditional log-based alerts miss critical attacker behavior such as lateral movement or privilege escalation. New analysis from Darktrace's Cloudypot honeypots shows that attacks against cloud workloads are becoming increasingly aggressive. Attacks against tools such as Jupyter Notebooks often occur in sudden waves, with multiple attacks in a short period from a small group of persistent attackers."
"Darktrace's new Forensic Acquisition & Investigation is designed for the speed and complexity of modern cloud environments. It captures and analyzes host-level evidence, including disk, memory, and logs, at the exact moment a threat is detected. This even applies to short-lived assets such as containers or serverless workloads that often disappear before evidence can be collected. Investigations can be triggered by Darktrace itself or by detections from existing cloud security tools."
Cloud adoption has outpaced security operations, creating blind spots that let attackers target cloud workloads and tools such as Jupyter Notebooks. Traditional log-based alerts miss key attacker behaviors such as lateral movement and privilege escalation, and a survey shows that nearly 90 percent of organizations experience damage before they contain cloud incidents. Investigations in cloud environments take three to five days longer than those in on-premises environments. Forensic Acquisition & Investigation captures disk, memory, and logs at the moment of detection, including from ephemeral containers and serverless workloads; it collects the evidence via cloud APIs and reconstructs attacker behavior to accelerate root-cause analysis and response.
Read at Techzine Global