UK-based Darktrace, a cyber security startup that leverages machine learning and mathematics to detect threats, announced on Tuesday that it has extended its self-learning threat detection technology to virtualized environments.
The company offers a so-called “Enterprise Immune System” that detects previously unknown threats using machine learning and mathematics technology developed at the University of Cambridge.
Deployed within an appliance installed inside an enterprise network, Darktrace says that its “self-learning” software can now gain visibility into virtualized environments, including third-party cloud environments.
The Darktrace platform leverages lightweight, host-based server agents (OS-Sensors) that complement its vSensors, virtual appliances configured to receive a SPAN for the virtual network switch.
The company explains that its OS-Sensors work by extracting copies of network traffic for analysis by the Darktrace appliance, giving the system a view of lateral information flow within the cloud, as well as of physical network activity.
With complete visibility into cloud and on-premise network data, the solution creates only single copies of network traffic, avoiding data duplication. Additionally, the OS-Sensors can be easily installed onto virtual machines, without requiring access to the physical server, and can be configured to see all or selected cloud traffic, Darktrace said.
Darktrace's OS-Sensors are compatible with popular cloud hosting services including Amazon Web Services, Google’s Cloud Platform, Rackspace and Microsoft Azure.
The company explains on its website that its platform “models patterns of life for each user and machine” to detect normal and abnormal behaviors as they emerge, without already knowing what it is looking for, and calculate the probability of threat based on the detection of behavioral anomalies.
In April 2015, the company launched a solution designed to detect threats within Industrial Control Systems (ICS) environments. The company said that its “Industrial Immune System” leverages Darktrace's machine learning and mathematics in both operational technology (OT) and corporate environments to detect advanced cyber attacks and “subtle” insider threats targeting Industrial Control Systems, including SCADA (supervisory control and data acquisition) devices.
Founded in 2013 by senior members of the UK's GCHQ and other intelligence agencies, Darktrace is headquartered in Cambridge, UK and San Francisco, with offices in London, Milan, New York, Auckland, Boston, Chicago, Dallas, Los Angeles, Mumbai, Paris, Seoul, Singapore, Sydney, Tokyo, Toronto and Washington D.C.