Darktrace introduces the industry’s first fully automated cloud forensics solution. Forensic Acquisition & Investigation aims to reduce investigation times from days to minutes by collecting evidence immediately when threats are detected.
A survey of 300 cloud security decision-makers shows that nearly 90 percent of organizations suffer damage before they can contain cloud incidents. Additionally, investigations in cloud environments take three to five days longer than those in on-premises environments.
Cloud adoption has simply outpaced security operations, creating dangerous blind spots that attackers are all too happy to exploit. Traditional log-based alerts miss critical attacker behavior such as lateral movement or privilege escalation.
New analysis from Darktrace’s Cloudypot honeypots shows that attacks against cloud workloads are becoming increasingly aggressive. Attacks against tools such as Jupyter Notebooks often occur in sudden waves, with multiple attacks in a short period from a small group of persistent attackers.
Automatic forensics at cloud speed
Darktrace’s new Forensic Acquisition & Investigation is designed for the speed and complexity of modern cloud environments. It captures and analyzes host-level evidence, including disk, memory, and logs, at the exact moment a threat is detected.
This even applies to short-lived assets such as containers or serverless workloads that often disappear before evidence can be collected. Investigations can be triggered by Darktrace itself or by detections from existing cloud security tools. Unlike point solutions that rely on manual snapshots or agents, Darktrace collects evidence directly via cloud APIs.
By preserving volatile data and reconstructing attacker behavior in real time, the solution adds critical context to daily investigations. This enables security teams to quickly understand the root cause and reduce investigation times from days to minutes.
Key features of the solution include automated hybrid forensic capture, preservation of evidence from short-lived workloads, automated investigations with complete timelines, and scalable response and reporting.
Darktrace / Forensic Acquisition & Investigation is now available.