Darktrace/Cloud Use Cases

Embrace the cloud, manage the risks.

Operating in a cloud or hybrid environment can introduce risk from both external and internal sources. Darktrace/Cloud is built to address threats across your entire cloud infrastructure.

初期の侵入

Darktrace has revealed well-known exploits such as Log4J, Hafnium, Kaseya, as well as thousands of lesser-known exploits on a regular basis.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this stage of attack:
異常な着信RDP
Unusual File Download
Unusual .exe File Torrenting
アプリケーションプロトコルから非共有ポート
新たなエンドポイントへの大量接続

DARKTRACE - Better Together

これらと共に導入すると、より効果的:

足掛かりの確立とビーコン

攻撃者がデバイスと接触し、遠隔操作を試みる際、Darktraceはわずかな異常を自律的につなぎ合わせます。

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
Beaconing to a Young Endpoint
Anomalous File Downloads
Unusual Data Download / Upload
Beaconing Activity to External Rare Endpoint
Connections to Unusual Endpoint

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

ラテラルムーブメント

As an attacker begins to increase their knowledge of the network, perform scans, and escalate their privileges - for instance by obtaining admin credentials, DETECT/Cloud correlates thousands of data points.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this stage of attack:
異常なSMB列挙
不審なネットワークスキャンの動き
異常な管理者SMBまたはRDPセッション
New or Uncommon Service Control
通常とは異なるSSH

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

データ漏えい

Whether smash and grab or a low and slow, DETECT/Cloud identifies subtle deviations in activity.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
異常なSMBトラフィック
Uncommon 1 GiB Outbound
Data Sent to Rare Domain
Unusual External Data Transfer
Unusual Data Download / Upload to Rare Destination

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

データ暗号化

対称型、非対称型に関わらず、暗号化を行うために使い慣れたツールや方法が使用されていても、Darktraceは静的なルールや署名を使用せずにアクティビティを自動検知します。以下のような異常な動作を識別します。

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this stage of attack:
Additional Extension Appended to SMB File
不審なSMB読み書きの割合
Sustained MIME Type Conversion
身代金要求の可能性
SMBの不審な動き

DARKTRACE - Better Together

これらと共に導入すると、より効果的:

Darktrace RESPOND/Cloud neutralizes this activity blocking specific connections or enforcing the ‘pattern of life’

Insider Threat

悪意のある退職者であれ、会社の方針を無視した不注意な従業員であれ、Darktraceは通常の生活パターンを理解しているため、脅威を内部から食い止めることができるのです。

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
SSLとHTTPの持続的な増加
ICMPアドレススキャン
一般的でないWMIアクティビティ
多数のEXEダウンロード
悪意のあるファイルのダウンロード
SMBの不審な動き
複数の異常なファイルアップロード
不審なSMB読み書きの割合
DGAへの高速ビーコン

DARKTRACE - Better Together

これらと共に導入すると、より効果的:

サプライチェーン攻撃(サードパーティソフトウェアの脆弱性)

Darktraceは、異常かつ脅威をもたらす活動の最初の兆候に直ちに対処することで、サプライチェーンから生じる脅威を阻止します。

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
SSL Beaconing to New Endpoint
Multiple Uncommon New Credentials on Device
New or Uncommon Service Control
Anomalous SMB Followed By Multiple Model Breaches
Anomalous SMB to New or Unusual Locations

DARKTRACE - Better Together

これらと共に導入すると、より効果的:

クリプトマイニング

Malicious crypto-mining is notoriously difficult to detect, and can exploit cloud platforms at great cost to the organizations deploying them.

Darktrace shines a light on open ports and internet-facing devices you didn’t know about, and detects the first stages of an attack before crypto-mining can even begin. It also alerts to crypto-mining activity itself, and can be configured to stop the activity autonomously.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing this type of attack:
暗号通貨のマイニング活動
スローなビーコン活動を外部の稀な宛先へ
疑わしいビーコンを稀なPHPエンドポイントへ
SMB Drive Write

クレデンシャルハーベスティング

Credential stuffing is a type of brute-force attack that relies on automated tools to test large volumes of stolen usernames and passwords across multiple sites until one works.

In the cloud space, Darktrace can detect credential stuffing through a number of unusual behaviors - and respond to the account following it.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some examples of unusual behaviors Darktrace may detect to uncover a credential harvesting attack:
Anomalous Uncrypted Credential Over HTTP
Kerberos Username Bruteforce
クレデンシャル使用時の異常な外部ソース
Darktrace may then detect the following unusual indicators of attack immediately following a successful credential harvesting attack:
Spike in Compute Resources Created
Unusual AWS Policy Attachment
...

DARKTRACE - Better Together

これらと共に導入すると、より効果的:

M&A(企業の合併・買収)

Darktrace/Cloud makes it simple to incorporate new cloud environments into your company infrastructure without opening vulnerabilities.

Sample analysis of Darktrace/Cloud
Every threat is different, but here are some unusual patterns Darktrace/Cloud might assess when revealing an attack related to mergers & acquisitions:
SSLとHTTPの持続的な増加
ICMPアドレススキャン
一般的でないWMIアクティビティ
多数のEXEダウンロード
悪意のあるファイルのダウンロード
SMBの不審な動き
複数の異常なファイルアップロード
該当する項目はありません。
Our ai. Your data.

Elevate your cyber defenses with Darktrace AI

無償トライアルを開始
Darktrace AI protecting a business from cyber threats.