Darktrace automates cloud forensics to cut investigation time from days to minutes

Darktrace today announced the launch of Darktrace / Forensic Acquisition & Investigation, the industry’s first truly automated cloud forensics solution. The solution provides security teams immediate access to forensic-level data, equipping them with critical context to investigate threats quickly and thoroughly across hybrid, multi-cloud and on-premises environments.

Darktrace / Forensic Acquisition & Investigation is an automated forensic investigation solution designed for the speed and complexity of modern cloud environments. It captures and analyzes host-level evidence — including disk, memory, and logs — at the exact moment a threat is detected, even from short-lived assets such as containers or serverless workloads. These investigations can be triggered by Darktrace or by detections from existing cloud security tools.

Unlike point solutions that depend on manual snapshots or agents, Darktrace collects evidence directly through cloud APIs, ensuring investigations begin instantly, and critical data from ephemeral workloads is never lost. By preserving volatile data and reconstructing attacker behavior in real time, the solution adds critical context to everyday investigations, enabling security teams to understand root causes quickly and shorten investigation times from days to mere minutes — a critical advantage as over 40% of organizations report suffering significant damage from cloud alerts that were never investigated at all.

This solution represents the evolution of capabilities gained through Darktrace’s acquisition of Cado Security earlier this year, alongside continued research and development investment to expand and advance Darktrace’s cloud security portfolio.

Darktrace / Forensic Acquisition & Investigation can be deployed as a standalone product, giving new customers immediate access to automated cloud forensics to support SOC and incident response teams in their day-to-day management of cloud security threats, or integrated across the Darktrace ActiveAI Security Platform for end-to-end investigations and response across an organization’s entire digital estate. It is particularly powerful when paired with Darktrace / CLOUD, where the two solutions bring together real-time cloud detection and response and forensic-level investigation in a single workflow.

When paired with the newly enhanced Darktrace / CLOUD, organizations gain a complete cloud security solution that combines posture management with real-time detection, response and forensic investigation – potentially reducing investigation times from days to mere minutes. Together, both solutions work seamlessly to detect threats as they emerge and preserve the forensic evidence needed to investigate them. As Darktrace / CLOUD detects and blocks suspicious cloud activity, Darktrace / Forensic Acquisition & Investigation will capture disk, memory, and log data from the affected asset, allowing teams to immediately contain threats while preserving the critical evidence needed to investigate and remediate the incident.

Alongside this integration, Darktrace has strengthened its core cloud capabilities to make investigations even faster and more intuitive. Enhancements include more intuitive cloud architecture diagrams that make complex environments easier to interpret, along with expanded detection of advanced attacker techniques such as lateral movement, command-and-control, and privilege escalation.

By uniting threat detection, response, and automated forensics in one platform, security teams can shift cloud investigations from reactive and fragmented to fast, automated, and context-rich — enabling organizations to harness the benefits of the cloud while effectively mitigating risks.

“Cloud adoption has unlocked extraordinary opportunities for innovation but has also created new challenges and blind spots for security teams,” said Connie Stride, Senior Vice President of Product, Darktrace. “By bringing pioneering forensic technology into the Darktrace platform, we’ve combined industry-leading cloud detection, autonomous response, and automated forensics in one place. This transforms how organizations can defend the cloud – delivering forensic-level clarity in minutes, ensuring access to essential data before it disappears, and empowering every security team to respond decisively against modern cloud threats.”

Availability  
Darktrace / Forensic Acquisition & Investigation, the integrations across the Darktrace ActiveAI Security Platform and new features in Darktrace / CLOUD are available now.
