Darktrace today unfurled a cloud security platform that leverages artificial intelligence (AI) in the form of machine learning algorithms to detect known trusted patterns for deploying software in real time and then automatically apply any missing controls.
Nabil Zoldjalali, vice president for technology innovation at Darktrace, said that, for the first time, Darktrace/Cloud provides cybersecurity teams with an approach to cloud security that allows them to respond immediately any time a workload is deployed that doesn’t align with previous deployment patterns. Previously, all cybersecurity professionals could do in such situations was send a message asking a developer why approved guidelines were being ignored, noted Zoldjalali.
Darktrace uses an agentless approach to initially gain visibility into how Amazon Web Services (AWS) environments have been constructed. It then uses that data to establish accepted norms for deploying cloud applications that are then used to identify anomalies and potential threats.
Armed with that insight, it also becomes possible to model attack paths that cybercriminals might exploit, which enables organizations to improve cloud security posture management by, for example, identifying misconfigurations. The platform then provides a prioritized view of what to fix first, according to a profile that organizations can adjust based on the level of risk they are willing to accept.
In addition, Darktrace/Cloud will surface recommendations to improve resource allocations to help reduce costs.
Finally, the platform also enables tickets and alerts to be created that can be shared via multiple messaging services, third-party security information and event management (SIEM) or security orchestration, automation and response (SOAR) platforms or a Darktrace Mobile application.
Darktrace already provides similar AI tools for securing networks, email, applications and endpoints, and organizations can opt to deploy the agent software the company provides in the cloud if they so choose, noted Zoldjalali. Organizations should not have to choose between an agent or agentless approach when each one enables different capabilities, he added.
The biggest challenge when it comes to cloud security is that much of this infrastructure has historically been provisioned by developers who have limited to no cybersecurity expertise. As a result, it’s not uncommon for misconfigurations to be created that enable cybercriminals to inject malware and exfiltrate data. In theory, development teams are embracing DevSecOps best practices to reduce the number of misconfigurations, but that approach depends on developers following guardrails that have been put in place.
The Darktrace approach provides a means for cybersecurity teams to enforce those best practices based on validated processes in a less obtrusive way, noted Zoldjalali.
It’s too early to assess to what degree DevSecOps best practices are improving application security, but it’s clear steady progress is being made. However, with more stringent regulations that will hold organizations more accountable for application security on the horizon, many organizations need to accelerate the pace at which DevSecOps is being adopted. The challenge, as always, is determining which team in an organization will be responsible for crafting and implementing the policies required to achieve that goal, regardless of where applications happen to be deployed.