AAA Washington

AAA Washington is continually examining its capabilities to address risk in the organization. A few years ago, the organization looked to reduce a risk had in its security monitoring. In essence, AAA Washington only actively monitored for malicious activity during typical working hours and had minimal capabilities to respond to a cyber security event during off-hours.

"We looked at what we could do to fill that gap," said Ron Nichols, Senior Information Security Analyst at AAA Washington. "Although we were advised to engage a managed service SOC, we saw many drawbacks. We knew that we would be competing for priority with other clients of the SOC provider, but we were skeptical of the extent to which the provider's technicians would ever completely understand our environment."
"Once we saw Darktrace, it was a no brainer to go that route. It was simple to deploy, effective in our needs for monitoring and resonse, and it provided us with a single pane of glass where I could see all the information I needed and investigate activity."

AAA Washington implemented Darktrace, with Autonomous Response initially set in Human Confirmation mode, where its actions must be first approved by the security team. In the first week of deployment, Darktrace provided the information security team with insight into activity they were not aware of. For instance, it revealed that every other night their back-up solution was shipping significant amounts of data to the vendor's datacenters.

"We thought we knew our environment, but Darktrace provided insight into aspects of our network that we weren't aware of, and added to our knowledge base about what was going on," commented Nichols.

As the AI built a more comprehensive picture of AAA Washington's digital estate and the accuracy of its recommendations improved, the security team entrusted the technology to take autonomous actions in certain areas of the digital environment. For over two years, Darktrace has not taken an autonomous action that was undesirable, which has continually increased the organization's trust in autonomous action.

As AAA Washington moved into a hybrid cloud environment, the security team feared losing the level of protection and visibility their on-premises Darktrace solution had given them. In response, the security team utilized the SaaS Modules for Microsoft 365 and other cloud platforms. By deploying this capability, AAA Washington has realized the same visibility and protections in its cloud environment as it enjoyed and relied upon for its on-premises systems. The security team is able to effectively monitor and respond to suspicious and malicious activities on a 24/7 basis, even as the business computing environment shifted.

One of the outcomes of the pandemic was the move to remote work for all of AAA Washington's workforce.

This also meant that the monitoring capabilities that the security team had were diminished as many workstations were not coming into the VPN for on-premises resources.
AAA Washington needed to strengthen its endpoint protection in this environment and the security team turned to Darktrace for Endpoint. This capability extended the coverage of Darktrace's Self-Learning AI to cover these remote devices, protecting remote workers from threats like data loss and ransomware with an additional layer of visibility and targeted action.