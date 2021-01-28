



Nabil Zoldjalali, Director of Cloud Security

With Darktrace’s self-learning AI for cloud cybersecurity and the visibility provided by Google’s Packet Mirroring, the Darktrace Immune System brings autonomous, cloud-native threat detection, investigation and response to Google Cloud.

With Google’s Packet Mirroring service, Darktrace’s Cyber AI deploys seamlessly in the cloud and quickly learns what normal activity looks like for every user, container, application, and workload in your Google Cloud environment. This bespoke, real-time knowledge of an organization’s patterns of life allows the Darktrace Immune System to identify subtle behavioral deviations that indicate a threat.

Darktrace provides the only cloud cybersecurity solution that learns on the job, adapts as the business evolves, and autonomously responds to any threat in the cloud. The ability to evolve with your organization and continually update its understanding of normal is especially important given the speed and scale of development in the cloud.

The combined power of Cyber AI and Google Packet Mirroring gives organizations bespoke, context-based defense against even the most advanced threats that could result from misconfiguration and credential compromise.

Context building: Leveraging Google Packet Mirroring for self-learning Cyber AI

Darktrace leverages Google Packet Mirroring to monitor all traffic in customers’ Google Cloud environments without the need to deploy agents. This allows the Darktrace Immune System’s self-learning AI to analyze entire packets, including headers and payloads, to build a rich behavioral model of activity in Google Cloud.

This deep understanding of context allows the Darktrace Immune System to detect and correlate all the weak indicators of a threat that policy-based tools miss, even if the threat is very sophisticated or novel.

In addition, all threats surfaced in Google Cloud are automatically investigated by the Darktrace Immune System’s Cyber AI Analyst. This industry-first technology triages, interprets, and reports on the entire range of security incidents, reducing triage time by up to 92%.

The Darktrace Security Module for Google Cloud provides additional visibility, ensuring full awareness of service management activity and system events for services compatible with Cloud Audit Logs, and supports additional data access logs for deeper visibility into the activity of specific components. The Security Module covers Darktrace’s workload-focused use cases and identifies threats such as data breaches and serious misconfigurations.

User access to Google Cloud is authenticated through the Google Workspace platform, so customers can use Darktrace’s Google Workspace Module to gain visibility of logins and other user activity. This module covers Darktrace’s employee-focused use cases and identifies threats such as credential compromise and insider threats.

Darktrace can cover the full range of Google Cloud services, including:

BigQuery, Cloud Compute, Cloud CDN, Cloud Run, Cloud SQL, Cloud Storage*, Cloud Translate, Key Management, Resource Manager

* Please note that Cloud Storage files are not audited by Google if they have been explicitly made public.

An integrated cloud-native platform for enterprise-wide defense

The Darktrace Immune System takes a fundamentally unique approach: it can correlate Google Cloud behavior with activity from SaaS, email, remote endpoints, and any range of on-premises or off-premises infrastructure across the customer’s enterprise.

This is a decisive benefit as today’s enterprises and workforces become more complex and dynamic. With Darktrace’s integrated security platform, Cyber AI can connect the dots between anomalous behaviors in different areas of the infrastructure, so that cloud security is not siloed from monitoring of the rest of the organization. And because the AI learns on the job, the Darktrace Immune System provides the flexibility and scalability you need to evolve at the pace of your business.

Strengthen your security team and enable digital transformation with AI cloud security

The Darktrace Immune System provides the industry’s only self-learning platform that correlates information from across the organization and adapts in real time, increasing the productivity of the entire security team and accelerating digital innovation, including in Google Cloud environments.

Cyber AI analyzes data at a speed and scale that humans cannot match, and provides actionable insights when teams need them. The Darktrace Immune System allows security analysts and business leaders to focus on thoughtful decision making while the AI runs in the background to keep businesses and employees protected at all times.

The main threat detection use cases in the Google Cloud environment are:

Data Leakage and Destruction: Detects anomalous device connections, anomalous resource deletions, changes, and movements

Critical Misconfiguration: Catch anomalous permission changes and anomalous activity involving compliance-related data and devices

Credential Compromise: Discover unusual user behavior such as brute force attacks, unusual login sources or times, rule changes and password resets

Insider Threats and Administrator Abuse: Identify subtle signs of malicious insiders, such as sensitive resource access, role changes, and user additions / removals.

Darktrace customers can learn more about using Google Packet Mirroring on the Customer Portal.

Learn more about AI cloud security: Read the white paper.

Nabil Zoldjalali

Based in Toronto, Nabil specializes in cloud technology applications and works closely with the Darktrace Research & Development team. He advises strategic Fortune 500 customers across North America on advanced threat detection, Cyber AI, and autonomous response in cloud and SaaS environments. Nabil is a frequent speaker at major industry conferences throughout North America, including Microsoft Ignite, Black Hat, and the World AI Forum. He holds a bachelor’s degree in electrical and electronic engineering from McGill University and is a member of the Advisory Board of the EC-Council.

