Darktrace, a global leader in AI cybersecurity, announced the general availability of Darktrace/Forensic Acquisition & Investigation™, the industry’s first truly automated cloud forensics solution. The solution provides enterprise security teams with instant access to forensic-level data, armed with critical context for fast and thorough threat investigation across hybrid, multi-cloud and on-premise environments. When combined with the newly enhanced Darktrace / CLOUD™, organizations can create a comprehensive cloud security solution that combines posture management with real-time detection, response and forensic investigation, reducing investigation times from days to just minutes.
The speed of cloud adoption is outpacing security operations, creating blind spots that attackers can quickly exploit. According to a survey of 300 cloud security decision makers[2], nearly 90% of organizations are affected by a cloud incident before they can contain it, and 65% said that investigations take 3-5 days longer in cloud environments than on-premises environments. Traditional log-based alerts miss behaviors like lateral movement and privilege escalation, and evidence from ephemeral assets like containers and serverless functions often disappears before it can be collected, leaving enterprise security teams struggling to mount an effective response.
At the same time, attacks against cloud workloads are becoming increasingly intense. New analysis of Darktrace’s CloudyPot honeypot[3] shows that attacks against tools like Jupyter Notebooks often occur in sudden bursts, with a small group of persistent attackers generating a large number of attacks in a short period of time. These findings highlight the rapidity and scale with which adversaries target the cloud, leaving defenders with little time to investigate before critical evidence disappears.
Introduction to Darktrace / Forensic Acquisition & Investigation
Darktrace / Forensic Acquisition & Investigation™ is an automated forensic investigation solution designed to handle the speed and complexity of modern cloud environments. It captures and analyzes host-level evidence, including disk, memory, and logs, at the exact moment a threat is detected, even from ephemeral assets like containers and serverless workloads. These investigations can be triggered by Darktrace detections or by detections from your existing cloud security tools.
Unlike other point solutions that rely on manually created snapshots or agents, Darktrace collects evidence directly through cloud APIs, allowing investigations to begin immediately and ensuring that critical data in ephemeral workloads is never lost. Preserving volatile data and reconstructing attacker behavior in real time adds critical context to routine investigations, enabling enterprise security teams to quickly understand root cause and reduce investigation time from days to just minutes. This is a crucial advantage, as over 40% of organizations report significant damage from cloud alerts that were never even investigated.[4]
The solution builds on the capabilities gained from Darktrace’s acquisition of Cado Security earlier this year and represents the result of continued R&D investment to expand and strengthen Darktrace’s cloud security portfolio.
Darktrace / Forensic Acquisition & Investigation can be deployed as a standalone product, giving first-time customers immediate access to automated cloud forensics to support the day-to-day management of cloud security threats by SOCs and incident response teams. It can also be integrated into the Darktrace ActiveAI Security Platform™ for end-to-end investigation and response across an organization's digital assets. It is particularly powerful when combined with Darktrace / CLOUD, as the two solutions bring together real-time cloud detection and response with forensic-level investigation in a single workflow.
Source: PR Times