GET A DEMO
See why 8,800+ companies trust Darktrace
Thanks, your request has been received
A member of our team will be in touch with you shortly.
YOU MAY FIND INTERESTING
Five Key Takeaways from Black Hat 2023
Hives & Frankensteins: The Half-Year Threat Report
Oups ! Un problème est survenu lors de la soumission du formulaire.

Darktrace/Cloud Use Cases

Embrace the cloud, manage the risks.

Operating in a cloud or hybrid environment can introduce risk from both external and internal sources. Darktrace/Cloud is built to address threats across your entire cloud infrastructure.
browse
Initial IntrusionFoothold & BeaconingLateral MovementExfiltration de donnéesData EncryptionInsider ThreatSupply Chain Attacks/
Third Party VulnerabilitiesCrypto-MiningCredential HarvestingMergers & Acquisitions (M&A)

Initial Intrusion

Darktrace has revealed well-known exploits such as Log4J, Hafnium, Kaseya, as well as thousands of lesser-known exploits on a regular basis.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this stage of attack:
Unusual Incoming RDP
Unusual File Download
Unusual .exe File Torrenting
Application Protocol to Uncommon Port
Large Numbers of Connections to New Endpoints

DARKTRACE - Mieux ensemble

Encore mieux lorsqu'il est déployé avec :
Email

Establish Foothold and Beaconing

When an attacker attempts to make contact with and remotely control a device, Darktrace pieces together subtle anomalies.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
Le balisage d'un jeune endpoint
Anomalous File Downloads
Téléchargement/téléchargement de données inhabituelles
Beaconing Activity to External Rare Endpoint
Connections to Unusual Endpoint

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

Lateral Movement

As an attacker begins to increase their knowledge of the network, perform scans, and escalate their privileges - for instance by obtaining admin credentials, DETECT/Cloud correlates thousands of data points.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this stage of attack:
Unusual SMB Enumeration
Suspicious Network Scan Activity
Unusual Admin SMB or RDP Sessions
New or Uncommon Service Control
Unusual SSH

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

Exfiltration de données

Whether smash and grab or a low and slow, DETECT/Cloud identifies subtle deviations in activity.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
Anomalous 
SMB Traffic
Uncommon 1 GiB Outbound
Data Sent to Rare Domain
Unusual External Data Transfer
Unusual Data Download / Upload to Rare Destination

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

Data Encryption

Even if familiar tools and methods are used to conduct encryption - whether symmetric or asymmetric - Darktrace detects the activity without using static rules or signatures. It identifies unusual behavior that may include:

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this stage of attack:
Additional Extension Appended to SMB File
Suspicious SMB Read/Write Ratio
Sustained MIME Type Conversion
Possible Ransom Note
Activité suspecte du SMB

DARKTRACE - Mieux ensemble

Encore mieux lorsqu'il est déployé avec :
Apps

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

Insider Threat

Whether a malicious leaver or a careless employee disregarding company policy, Darktrace’s understanding of normal patterns of life allows it to stop threats on the inside.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
Sustained SSL and HTTP Increase
ICMP Address Scan
Uncommon WMI Activity
Numeric Exe Download
Anomalous File Download
Activité suspecte du SMB
Multiple Unusual File Uploads
Suspicious SMB Read/Write Ratio
Fast Beaconing to DGA

DARKTRACE - Mieux ensemble

Encore mieux lorsqu'il est déployé avec :
Apps
Email

Supply Chain Attack (Third Party Software Vulnerability)

Darktrace arrête les menaces provenant de la chaîne d'approvisionnement en prenant des mesures immédiates au premier signe d'activité inhabituelle et menaçante.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
Balisage SSL vers un nouveau endpoint
Multiple Uncommon New Credentials on Device
New or Uncommon Service Control
Anomalous SMB Followed By Multiple Model Breaches
Anomalous SMB to New or Unusual Locations

DARKTRACE - Mieux ensemble

Encore mieux lorsqu'il est déployé avec :
Email
BLOG

Anatomy of an insider breach originating from a contractor's laptop

BLOG

Menaces d'initiés, chaînes d'approvisionnement et IoT : Décortiquer une cyber-attaque moderne

Crypto-Mining

Malicious crypto-mining is notoriously difficult to detect, and can exploit cloud platforms at great cost to the organizations deploying them.

Darktrace shines a light on open ports and internet-facing devices you didn’t know about, and detects the first stages of an attack before crypto-mining can even begin. It also alerts to crypto-mining activity itself, and can be configured to stop the activity autonomously.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
Crypto Currency Mining Activity
Slow Beaconing Activity to External Rare
Suspicious Beacons to Rare PHP Endpoint
SMB Drive Write

Credential Harvesting

Credential stuffing is a type of brute-force attack that relies on automated tools to test large volumes of stolen usernames and passwords across multiple sites until one works.

In the cloud space, Darktrace can detect credential stuffing through a number of unusual behaviors - and respond to the account following it.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some examples of unusual behaviors Darktrace may detect to uncover a credential harvesting attack:
Anomalous Uncrypted Credential Over HTTP
Kerberos Username Bruteforce
Unusual External Source for Credential Use
Darktrace may then detect the following unusual indicators of attack immediately following a successful credential harvesting attack:
Spike in Compute Resources Created
Unusual AWS Policy Attachment
...

DARKTRACE - Mieux ensemble

Encore mieux lorsqu'il est déployé avec :
Apps
Email
Cloud

Fusions et acquisitions

Darktrace/Cloud makes it simple to incorporate new cloud environments into your company infrastructure without opening vulnerabilities.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing an attack related to mergers & acquisitions:
Sustained SSL and HTTP Increase
ICMP Address Scan
Uncommon WMI Activity
Numeric Exe Download
Anomalous File Download
Activité suspecte du SMB
Multiple Unusual File Uploads
BLOG

L'avenir de la cybersécurité : Les attaques de la chaîne d'approvisionnement en logiciels deviendront une évidence en 2022.

BLOG

Détecter et répondre à Log4Shell dans la nature

Bonne nouvelle pour votre entreprise.
Mauvaise nouvelle pour les méchants.

Commencez votre essai gratuit

Commencez votre essai gratuit

Livraison flexible
Cloud-based deployment.
Installation rapide
Une heure seulement pour la mise en place - et encore moins pour un essai de sécurité du courrier électronique.
Choisissez votre voyage
Essayez Self-Learning AI là où vous en avez le plus besoin - y compris dans le cloud, sur le réseau ou par courriel.
Aucun engagement
Accès complet à Darktrace Threat Visualizer et à trois rapports sur mesure sur les menaces, sans obligation d'achat.
For more information, please see our Privacy Notice.
Thanks, your request has been received
A member of our team will be in touch with you shortly.
YOU MAY FIND INTERESTING
Five Key Takeaways from Black Hat 2023
Hives & Frankensteins: The Half-Year Threat Report
Oups ! Un problème est survenu lors de la soumission du formulaire.

Obtenez une démo

Livraison flexible
Vous pouvez l'installer virtuellement ou avec du matériel.
Installation rapide
Une heure seulement pour la mise en place - et encore moins pour un essai de sécurité du courrier électronique.
Choisissez votre voyage
Essayez Self-Learning AI là où vous en avez le plus besoin - y compris dans le cloud, sur le réseau ou par courriel.
Aucun engagement
Accès complet à Darktrace Threat Visualizer et à trois rapports sur mesure sur les menaces, sans obligation d'achat.
For more information, please see our Privacy Notice.
Merci ! Votre soumission a été reçue !
Oups ! Un problème est survenu lors de la soumission du formulaire.