
Darktrace Brings Threat Detection Platform to Third-Party Clouds

UK-based Darktrace, a cyber security startup that leverages machine learning and mathematics to detect threats, announced on Tuesday that it has extended its self-learning threat detection technology to virtualized environments.


The company offers a so-called “Enterprise Immune System” that detects previously unknown threats using machine learning and mathematics technology developed at the University of Cambridge.


Deployed within an appliance installed inside an enterprise network, Darktrace says that its “self-learning” software can now gain visibility into virtualized environments, including third-party cloud environments.

The Darktrace platform leverages lightweight, host-based server agents (OS-Sensors) that complement its vSensors, virtual appliances configured to receive a SPAN for the virtual network switch.

The company explains that its OS-Sensors work by extracting copies of network traffic for analysis by the Darktrace appliance, giving the system a view of lateral information flow within the cloud, as well as of physical network activity.

With complete visibility into cloud and on-premise network data, the solution creates only single copies of network traffic, avoiding data duplication. Additionally, the OS-Sensors can be easily installed onto virtual machines, without requiring access to the physical server, and can be configured to see all or selected cloud traffic, Darktrace said.

Darktrace’s OS-Sensors are compatible with popular cloud hosting services including Amazon Web Services, Google’s Cloud Platform, Rackspace and Microsoft Azure.


The company explains on its website that its platform “models patterns of life for each user and machine” to detect normal and abnormal behaviors as they emerge, without already knowing what it is looking for, and calculate the probability of threat based on the detection of behavioral anomalies.

In April 2015, the company launched a solution designed to detect threats within Industrial Control Systems (ICS) environments. The company said that its “Industrial Immune System” leverages Darktrace’s machine learning and mathematics in both operational technology (OT) and corporate environments to detect advanced cyber attacks and “subtle” insider threats targeting Industrial Control Systems, including SCADA (supervisory control and data acquisition) devices.

Founded in 2013 by senior members of the UK’s GCHQ and other intelligence agencies, Darktrace is headquartered in Cambridge, UK and San Francisco, with offices in London, Milan, New York, Auckland, Boston, Chicago, Dallas, Los Angeles, Mumbai, Paris, Seoul, Singapore, Sydney, Tokyo, Toronto and Washington D.C.
