Filtering out digital toxins: Why the American Kidney Fund chose Darktrace RESPOND
The nonprofit American Kidney Fund works on behalf of the 37 million Americans living with kidney disease, and the millions more at risk, with an unmatched scope of programs that support people wherever they are in their fight against kidney disease. With programs of prevention, early detection, financial support, disease management, clinical research, innovation and advocacy, no kidney organization impacts more lives than AKF.
Our work is critical, and we want to minimize any disruption that would jeopardize our ability to serve the large community that relies on us. A big part of that is the need to reduce cyber risk.
During my 25 years in the cyber security sector, I have seen how the threats have evolved in complexity and how they have increased exponentially. Five years ago, we were more concerned with malware and phishing. Now, we worry about vulnerability to novel ransomware and other cyber-attacks, especially with the sale of ransomware on the dark web that enables people to deploy attacks without writing a single line of code.
Another major concern comes from supply chain attacks. Like many groups since the start of the global pandemic, we have increased our use of cloud-based applications and have invited external guests to collaborate with us through them. Third parties, however, might be logging into these platforms with less security than our team has on our side. That means that any time we give third parties access to cloud applications we use, we must have the right set of security tools to cover that platform and detect those threats.
In the cyber security industry, software typically lags behind the threats. To keep up with the increasingly aggressive cyber-crime landscape, CIOs have got to start thinking offensively instead of defensively. Darktrace is one of the tools we use to do just that.
We have deployed Darktrace/Email and Darktrace/Apps. This covers our team’s collaboration platforms for every mailbox and every license across the enterprise, including our Office 365 environment. It’s a comprehensive footprint of cyber security protection for some of those critical areas where phishing risks and ransomware attacks typically are introduced into an organization.
While searching for ways to bolster our security stack, we looked at the granular details to find the tool that was best in detection, action, and preventative threat capabilities. Darktrace hits all three of them.
Receiving priority treatment from Self-Learning AI
Darktrace’s unique approach to cyber security is its Self-Learning AI, which learns each organization so that it can identify what is normal and what is a threat. While other Managed Detection Response (MDR) environments centralize their AI by collecting risks from multiple sources and piping those into a database, Darktrace treats every customer environment as its own database. That’s what makes it such an effective tool.
Our email environment is different from that of another organization, and Darktrace learns the specific nuances of our senders, recipients, and messaging flow. It leverages this data to hone a faster and more tailored response against threats because it is not competing with any other customer’s environment. This focus enables the hyper-specific actions of Darktrace to neutralize novel attacks that are outside of each organization’s usual “pattern of life,” without interrupting business operations.
Tailoring settings to fit our needs
Darktrace’s individualized approach not only informs the AI’s behavior, but also extends to how my security team can tailor Darktrace settings to act within our desired parameters. In this way, Darktrace gives us more control while leveling the playing field against threat actors. For example, we can configure the thresholds to my team’s chosen levels to minimize tripping alarms with false positives and maximize authentic alerts.
This customization also relates to my favorite feature of Darktrace: the ability to geo-block at the IP level. We already apply geo-IP blocks at our firewalls, VPNs, secure portals, and public websites. Darktrace complements our security stack and allows us to do it in our messaging and collaboration platforms, like Microsoft Teams.
We set up an exception domain list to allow companies that we work with from risky geographical locations to flow through our blocks so we can conduct our normal digital operations.
Protecting us while we protect our patients
Computer scientists throughout history have written algorithms to make tasks more automated and efficient, and Darktrace engineers have done just that with cyber security. Darktrace saves my team an immense amount of labor and time that we don’t have to spend by keeping our digital infrastructure safe.
When thinking of corporate security and resilience, I am reminded of the quote by William Shakespeare: “Hell is empty and the devils are here.” In today’s cyber security risk environment, it’s not a matter of if cyber criminals will attempt to penetrate your corporate network, it’s a matter of when.
You’ve got to have the right tools to take offensive and defensive actions, especially when it comes to phishing and ransomware attempts, which traditionally come through email and messaging platforms. Darktrace is an invaluable tool within our arsenal that helps us handle these threats.
Gregory Smith is the American Kidney Fund’s Chief Information Officer and a veteran in the IT sector. With over a quarter of a century of experience, Smith has published three IT management and leadership books with content that includes the topic of cyber security and currently serves as a graduate school professor at Georgetown University in Washington D.C.