AI Cloud Security with the Darktrace Immune System and Google Packet Mirroring

27 Jan 2021

With Darktrace’s Self-Learning AI cloud cyber security and the visibility provided by Google’s Packet Mirroring, the Darktrace Immune System brings autonomous, cloud-native threat detection, investigation, and response to your Google Cloud.

Google’s Packet Mirroring service enables Darktrace’s Cyber AI to seamlessly deploy in the cloud and immediately form an understanding of what normal activity looks like for every user, container, application, and workload in a customer’s Google Cloud environment. This bespoke, real-time knowledge of an organization’s ‘pattern of life’ allows the Darktrace Immune System to identify the subtle behavioral deviations that point to a threat.

Darktrace delivers the only cloud cyber security solution that learns ‘on the job’, adapts as your business evolves, and autonomously responds to the full range of threats in the cloud. The ability to evolve with an organization and continuously update its understanding of ‘normal’ is a particularly critical feature given the speed and scale of development in the cloud.

With the power of Cyber AI and Google Packet Mirroring, organizations can benefit from bespoke, context-based defense against even the most advanced threats that may emerge – from misconfigurations to compromised credentials.

Building context: Leveraging Google Packet Mirroring for self-learning Cyber AI

Darktrace leverages Google Packet Mirroring to monitor all traffic in a customer’s Google Cloud environment, with no need to deploy agents. This allows the Darktrace Immune System’s self-learning AI to analyze the entire packet, including headers and payload, and build rich behavioral models for activity in Google Cloud.

With this deep understanding of context, the Darktrace Immune System can detect and correlate all the weak indicators of a threat that policy-based tools miss – even if the threat is highly sophisticated or novel.

What’s more, every threat surfaced in Google Cloud is automatically investigated by the Darktrace Immune System’s Cyber AI Analyst. An industry first, the technology triages, interprets, and reports on the full scope of security incidents, reducing triage time by up to 92%.

The Darktrace Security Module for Google Cloud provides additional visibility, ensuring full awareness of administrative activity and system events in Cloud Audit Log-Compatible services, with additional support for Data Access Logs for deeper visibility into specific component activity. The Security Module allows for coverage of Darktrace’s workload-focused use cases, identifying threats like data exfiltration and critical misconfigurations.

Because user access to Google Cloud is authenticated via the Google Workspace platform, customers can gain visibility of logins and other user activity with Darktrace’s Google Workspace Module. This Module allows for coverage of Darktrace’s workforce-focused use cases, identifying threats like compromised credentials and insider threat.

Darktrace can deliver total coverage across all your Google Cloud services, including:

  • BigQuery
  • Cloud Compute
  • Cloud CDN
  • Cloud Run
  • Cloud SQL
  • Cloud Storage*
  • Cloud Translate
  • Key Management
  • Resource Manager

*Please note that Cloud Storage files are no longer audited by Google if made explicitly public.

A unified, AI-native platform for defense across the enterprise

Taking a fundamentally unique approach, the Darktrace Immune System can correlate behavior in Google Cloud with activity from SaaS, email, remote endpoints, and any range of on- or off-premise infrastructure across a customer’s enterprise.

This is a crucial benefit, as businesses and workforces today are increasingly complex and dynamic. With Darktrace’s unified security platform, Cyber AI can connect the dots between unusual behavior in disparate infrastructure areas and ensure cloud security is not siloed from the monitoring of the rest of the organization. And because the AI technology learns ‘on the job’, the Darktrace Immune System provides the flexibility and scalability needed to evolve at the pace of your business.

Figure 1: The Darktrace Immune System

Augmenting security teams and enabling digital transformation with AI cloud security

The Darktrace Immune System provides the industry’s only self-learning platform that correlates information from across the organization and adapts in real time – improving productivity across the security team and letting you accelerate digital innovation in your Google Cloud environment, and beyond.

Cyber AI can analyze data at a speed and scale impossible for humans, and surfaces actionable insights right when your team needs them. With the Darktrace Immune System, security analysts and business leaders alike can focus more on thoughtful decision-making, while the AI works in the background to ensure the business and workforce are always protected.

Key threat detection use cases for Google Cloud environments include:

  • Data exfiltration and destruction: Detects anomalous device connections, and unusual resource deletion, modification, and movement
  • Critical misconfigurations: Catches unusual permission changes, and anomalous activity around compliance-related data or devices
  • Compromised credentials: Spots brute force attempts, unusual login source or time, and unusual user behavior including rule changes or password resets
  • Insider threat and admin abuse: Identifies the subtle signs of malicious insiders – including sensitive resource access, role changes, or adding/deleting users

Darktrace customers can learn more about leveraging Google Packet Mirroring on the Customer Portal.

About the author
Nabil Zoldjalali
VP, Technology Innovation

Based in Toronto, Nabil develops innovative ways to continuously realize the Darktrace technology vision, working closely with Darktrace’s Research & Development team. He advises strategic Fortune 500 customers across North America on advanced threat detection, Self-Learning AI, and Autonomous Response. Nabil is a frequent speaker at leading industry conferences across North America, including Microsoft Ignite, Black Hat, and the World AI Forum. He holds a Bachelor’s degree in Electrical and Electronic Engineering from McGill University and is an advisory board member of the EC Council.
