Darktrace, a global leader in AI for cybersecurity, announced the launch of Darktrace / Forensic Acquisition & Investigation, the industry’s first truly automated cloud forensics solution. The solution provides security teams immediate access to forensic-level data, equipping them with critical context to investigate threats quickly and thoroughly across hybrid, multi-cloud and on-premises environments. When paired with the newly enhanced Darktrace / CLOUD, organizations gain a complete cloud security solution that combines posture management with real-time detection, response and forensic investigation – potentially reducing investigation times from days to mere minutes.
Cloud adoption has outpaced security operations, creating blind spots that adversaries are quick to exploit. Nearly 90% of organizations report suffering damage before they can contain cloud incidents, and 65% say investigations take three to five days longer in the cloud compared to on-premises environments, according to a survey of 300 cloud security decision makers. Traditional log-based alerts miss behaviors such as lateral movement or privilege escalation, while evidence from ephemeral assets like containers and serverless functions often disappears before it can be collected — leaving security teams struggling to respond effectively.
At the same time, attacks against cloud workloads are increasingly aggressive. New analysis of Darktrace’s Cloudypot honeypots reveals that attacks on tools like Jupyter Notebooks often arrive in sudden bursts, with a small group of persistent attackers generating a high volume of attacks in a short period of time. These findings highlight that when adversaries target the cloud, they strike quickly and at scale, leaving defenders little time to investigate before critical evidence disappears.
Introducing Darktrace / Forensic Acquisition & Investigation
Darktrace / Forensic Acquisition & Investigation is an automated forensic investigation solution designed for the speed and complexity of modern cloud environments. It captures and analyzes host-level evidence — including disk, memory, and logs — at the exact moment a threat is detected, even from short-lived assets such as containers or serverless workloads. These investigations can be triggered by Darktrace or by detections from existing cloud security tools.
Unlike point solutions that depend on manual snapshots or agents, Darktrace collects evidence directly through cloud APIs, so investigations begin immediately and data from ephemeral workloads is captured before it is lost. By preserving volatile data and reconstructing attacker behavior in real time, the solution adds critical context to everyday investigations, enabling security teams to understand root causes quickly and shorten investigation times from days to minutes – a critical advantage when over 40% of organizations report suffering significant damage from cloud alerts that were never investigated at all.
“Cloud investigations are notoriously complex and heavily manual, with evidence scattered across fragmented logs and ephemeral assets that often disappear before they can be collected. Darktrace’s automated cloud forensics solution represents a significant innovation leveraging the speed and scale of cloud to automatically collect, preserve and investigate volatile data at the time of detection, enabling teams to investigate faster, respond more effectively, and reduce overall business risk,” said Philip Bues, Senior Research Manager, Cloud Security & Confidential Computing, IDC.
This solution represents the evolution of capabilities gained through Darktrace’s acquisition of Cado Security earlier this year, alongside continued research and development investment to expand and advance Darktrace’s cloud security portfolio.
Key capabilities of the Darktrace / Forensic Acquisition & Investigation solution include:
- Automated hybrid forensic capture: Collects host-level data, including disks, memory, logs, and artifacts the moment an alert is raised across on-premises, AWS, Azure, GCP and SaaS environments.
- Ephemeral data capture: Preserves evidence from short-lived workloads including AWS ECS, Kubernetes, and distro-less or no-shell containers, retaining critical data so that it can be investigated.
- Automated investigation with complete timelines: Automatically reconstructs attacker behavior into unified timelines, distilling massive volumes of events into the most significant insights and giving rapid clarity on root cause in minutes, without manual correlation.
- Scalable response and reporting: Supports parallel investigations across multiple systems and automatically generates exportable reports to help reduce analyst workload and assist with compliance burdens.
- Rapid deployment and seamless integration: Offers flexible SaaS or on-premises deployment, and integrates with existing SIEM, XDR, CNAPP, EDR, NDR, and cloud-native tools so that any alert can trigger immediate forensic capture and investigation.
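The two mechanisms this list and the preceding section rely on, an external alert as the trigger and cloud APIs as the acquisition path, are easiest to see in code. The following is an illustration added for this article, not Darktrace or Cado Security code: on AWS, a GuardDuty finding delivered by EventBridge supplies the instance ID, every EBS volume attached to that instance is snapshotted through the EC2 API, and each snapshot is tagged with the finding ID and capture time so the evidence stays attributable. The `FakeEC2` client, the `forensic:*` tag keys, the `vol-broken` failure case and the sample finding are all constructed for the example; swapping in `boto3.client("ec2")` gives the real calls. It goes slightly beyond the text by handling the failure modes a practitioner hits in exactly the ephemeral situations the article describes: an instance that is already gone, and one volume failing without aborting the others. It covers disk only; memory and live process state are not exposed by the snapshot API and need a separate mechanism on the host.

```python
"""Alert-triggered EBS evidence acquisition on AWS.

Added illustration for this article, not Darktrace or Cado Security code.
Works with a real boto3 EC2 client or the constructed FakeEC2 below.
"""
from __future__ import annotations

import itertools
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AcquisitionResult:
    finding_id: str
    instance_id: str
    captured_at: str
    snapshots: list[dict] = field(default_factory=list)  # one entry per preserved volume
    errors: list[str] = field(default_factory=list)      # what could not be preserved, and why


def finding_target(event: dict) -> tuple[str, str] | None:
    """(finding_id, instance_id) from a GuardDuty finding as EventBridge delivers it.

    GuardDuty places the finding under event["detail"]; EC2 findings carry the
    instance in resource.instanceDetails. Returns None for non-instance findings.
    """
    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    return (detail["id"], instance_id) if instance_id else None


def acquire_instance_disks(ec2, instance_id: str, finding_id: str,
                           source: str = "guardduty") -> AcquisitionResult:
    """Snapshot every EBS volume attached to instance_id as soon as an alert fires.

    `ec2` is any object exposing boto3-style describe_instances/create_snapshot.
    Partial failure is recorded, not raised: one bad volume must not abort
    preservation of the others.
    """
    captured_at = datetime.now(timezone.utc).isoformat(timespec="seconds")
    result = AcquisitionResult(finding_id, instance_id, captured_at)

    # 1. Locate the instance. boto3 raises ClientError on an unknown ID and
    #    reports state "terminated" (no volumes) for a while after termination.
    try:
        resp = ec2.describe_instances(InstanceIds=[instance_id])
    except Exception as exc:
        result.errors.append(f"{instance_id}: describe failed: {exc}")
        return result
    instances = [i for r in resp.get("Reservations", []) for i in r.get("Instances", [])]
    if not instances:
        result.errors.append(f"{instance_id}: not found (terminated before acquisition?)")
        return result
    inst = instances[0]
    if inst.get("State", {}).get("Name") == "terminated":
        result.errors.append(f"{instance_id}: already terminated, volumes gone")
        return result

    # 2. Chain-of-custody tags on every snapshot (tag keys are this example's
    #    own convention, not a product's).
    tags = [
        {"Key": "forensic:finding-id", "Value": finding_id},
        {"Key": "forensic:source-instance", "Value": instance_id},
        {"Key": "forensic:captured-at", "Value": captured_at},
        {"Key": "forensic:triggered-by", "Value": source},
    ]

    # 3. Snapshot each attached volume exactly once, recording failures per volume.
    seen: set[str] = set()
    for mapping in inst.get("BlockDeviceMappings", []):
        volume_id = mapping.get("Ebs", {}).get("VolumeId")
        if not volume_id or volume_id in seen:
            continue
        seen.add(volume_id)
        try:
            snap = ec2.create_snapshot(
                VolumeId=volume_id,
                Description=f"IR evidence: finding {finding_id}, instance {instance_id}",
                TagSpecifications=[{"ResourceType": "snapshot", "Tags": tags}],
            )
        except Exception as exc:
            result.errors.append(f"{volume_id}: snapshot failed: {exc}")
            continue
        result.snapshots.append({"device": mapping.get("DeviceName"),
                                 "volume_id": volume_id, "snapshot_id": snap["SnapshotId"]})
    return result


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client so the example runs offline."""

    def __init__(self, instances: dict[str, list[tuple[str, str]]]):
        self._instances = instances  # instance_id -> [(device, volume_id), ...]
        self._ids = itertools.count(1)
        self.snapshots: dict[str, dict] = {}

    def describe_instances(self, InstanceIds):
        found = [{"InstanceId": i, "State": {"Name": "running"},
                  "BlockDeviceMappings": [{"DeviceName": d, "Ebs": {"VolumeId": v}}
                                          for d, v in self._instances[i]]}
                 for i in InstanceIds if i in self._instances]
        return {"Reservations": [{"Instances": found}] if found else []}

    def create_snapshot(self, VolumeId, Description, TagSpecifications):
        if VolumeId == "vol-broken":  # constructed failure case
            raise RuntimeError("InvalidVolume.NotFound")
        snapshot_id = f"snap-{next(self._ids):08x}"
        self.snapshots[snapshot_id] = {"VolumeId": VolumeId, "Tags": TagSpecifications[0]["Tags"]}
        return {"SnapshotId": snapshot_id}


# Constructed sample GuardDuty finding in EventBridge shape, trimmed to the fields used.
SAMPLE_FINDING = {"detail": {"id": "d0123456789abcdef",
                             "resource": {"resourceType": "Instance",
                                          "instanceDetails": {"instanceId": "i-0abc"}}}}

if __name__ == "__main__":
    ec2 = FakeEC2({"i-0abc": [("/dev/xvda", "vol-root"), ("/dev/sdf", "vol-data"),
                              ("/dev/sdg", "vol-broken")]})
    finding_id, instance_id = finding_target(SAMPLE_FINDING)
    print(acquire_instance_disks(ec2, instance_id, finding_id))
```

The point of recording failures in the result rather than raising is the one the article makes about ephemeral assets: by the time the handler runs, part of the evidence may already be unrecoverable, and the manifest should say so explicitly rather than silently yielding fewer snapshots. A real deployment would also copy the snapshots to a locked-down evidence account and record their IDs in the case file.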
“In a cloud-first world, security teams need to be able to investigate anything, anywhere, at any time — without delay. With Darktrace / Forensic Acquisition & Investigation, what was once a highly specialized, time-consuming process is now an automated, one-click action for our team. Darktrace collects forensic-level evidence instantly, even in fast-moving cloud environments, and transforms investigative dead ends into actionable intelligence. This has drastically reduced our mean time to respond and empowered our team to shift from reactive archaeology to real-time investigation,” said Justin Dimmick, Senior Security Response Engineer, Cloudera.
Darktrace / Forensic Acquisition & Investigation can be deployed as a standalone product, giving new customers immediate access to automated cloud forensics to support SOC and incident response teams in their day-to-day management of cloud security threats, or integrated across the Darktrace ActiveAI Security Platform for end-to-end investigations and response across an organization’s entire digital estate. It is particularly powerful when paired with Darktrace / CLOUD, where the two solutions bring together real-time cloud detection and response and forensic-level investigation in a single workflow.
Unifying Cloud Detection, Response, and Forensic Investigation with Darktrace / CLOUD
Customers can now add Darktrace / Forensic Acquisition & Investigation capabilities to Darktrace’s leading cloud detection and response (CDR) product. With Darktrace / CLOUD, security teams benefit from:
- Autonomous detection and response: Self-Learning AI continuously monitors cloud environments to spot both known and novel threats and automatically contain them at machine speed.
- Dynamic cloud visibility: Live mapping of assets, services, and architectures to reveal blind spots, track attacker movement, and provide real-time context.
- Proactive risk management: Automated posture checks and attack path modeling that surface misconfigurations and exposures before attackers can exploit them.
“At papernest, our mission is to simplify life for our users, and security is essential to that journey. The cloud is critical to our innovation, but it also introduces risks that can be complex to manage,” said Andrea Carriero, Head of Infrastructure & Security, papernest. “We needed full-spectrum visibility and a way to cut through noise so our team could focus on real risks. Darktrace / CLOUD gives us that clarity — helping us see our entire cloud architecture, prioritize investigations, and save valuable time while keeping our platform secure. It has allowed us to embrace our proactive, security-focused culture, which is essential to unlocking continued growth.”
When adding Darktrace / Forensic Acquisition & Investigation to Darktrace / CLOUD, the solutions work together seamlessly to detect threats as they emerge and preserve the forensic evidence needed to investigate them. As Darktrace / CLOUD detects and blocks suspicious cloud activity, Darktrace / Forensic Acquisition & Investigation will capture disk, memory, and log data from the affected asset, allowing teams to immediately contain threats while preserving the critical evidence needed to investigate and remediate the incident.
Alongside this integration, Darktrace has strengthened its core cloud capabilities to make investigations even faster and more intuitive. Enhancements include more intuitive cloud architecture diagrams that make complex environments easier to interpret, along with expanded detection of advanced attacker techniques such as lateral movement, command-and-control, and privilege escalation.
When uniting threat detection, response, and automated forensics in one platform, security teams can shift cloud investigations from reactive and fragmented to fast, automated, and context-rich — enabling organizations to harness the benefits of the cloud while effectively mitigating risks.
“Cloud adoption has unlocked extraordinary opportunities for innovation but has also created new challenges and blind spots for security teams,” said Connie Stride, Senior Vice President of Product, Darktrace. “By bringing pioneering forensic technology into the Darktrace platform, we’ve combined industry-leading cloud detection, autonomous response, and automated forensics in one place. This transforms how organizations can defend the cloud – delivering forensic-level clarity in minutes, ensuring access to essential data before it disappears, and empowering every security team to respond decisively against modern cloud threats.”
Source: globenewswire