City of Las Vegas
Darktrace’s full Cyber AI Loop gives us confidence. We know we have an AI teammate that is continually learning how our entire ecosystem operates, strengthening our defenses and looking out for any abnormal activity.
At a glance:
· Uses the entire Cyber AI Loop to prevent, detect, respond, and heal from cyber-attacks
· Darktrace coverage extends across network, OT, cloud, email, and beyond
· Turned to Darktrace HEAL™ to improve cyber readiness and recovery
Using AI to Keep up with Innovation
The City of Las Vegas is an internationally recognized brand, and as such, protecting its diverse and complex digital environment from cyber disruption is a top priority. As it gears up to host global sporting events, including major NFL and NHL games as well as its debutF1 Grand Prix, its cyber security leadership anticipates an uptick in malicious activity from those seeking to interfere with proceedings or gain financially.
Protecting the city’s digital assets is essential for ensuring these major events run smoothly and that the trust ofLas Vegas’ citizens and visitors is maintained. The city’s Chief Innovation andTechnology Officer, Michael Sherwood, has been a proponent of the use of Darktrace’s AI for nearly a decade. “Every cyber-attack is different,” he said,“and there will never be enough human staff to defend against the variety of threats in today’s landscape.”
The city needed a technology stack that could not only save its cyber security team human-hours in threat investigation and response, but go further, spotting the subtle signs of emerging cyber incidents while still in their early stages.
An Evolving Partnership
The City of Las Vegas was an early Darktrace customer, adopting Darktrace DETECT™ for instant visibility of cyber-attacks on its network. With an evolving understanding of the city’s unique digital infrastructure, the AI has unmasked significant threats that deviated from ‘normal’ network behavior – including novel threats that flew under the radar of traditional, signature-based tools.
Upon seeing remarkable results, the city expanded Darktrace’s coverage to its cloud infrastructure, email systems, and industrial networks. It also brought on additional capabilities such as Darktrace’s autonomous response technology, Darktrace RESPOND™ – allowing for 24/7 protection from cyber disruption with targeted AI-powered containment of threats.
In 2022, the city deployed Darktrace PREVENT™ to proactively get ahead of threats, identifying potential weaknesses in its attack surface ahead of time and hardening defenses around critical assets and attack paths. The following year, the city closed the Cyber AI Loop with the adoption of Darktrace HEAL™, a tool to improve cyber readiness and recovery post-incident.
Over time, Sherwood’s staff have embraced and developed a trust in the AI-driven technology that Darktrace provides, allowing the AI to take on the day-to-day tasks and giving his staff the freedom to spend time on more strategic, higher-level work.
Being Ready and Recovering with HEAL
The City of Las Vegas uses HEAL to get real-time awareness of its readiness for a cyber-attack – using Darktrace AI’s understanding of its systems to know how prepared its people and the rest of its technology stack is for an incident. Sherwood explained that “with HEAL as part of our portfolio, we can simulate cyber incidents, which helps us practice and prepare, bringing our team to a higher level before an attack happens.”
Prior to installing HEAL, the City of LasVegas relied on a combination of tabletop exercises, and static playbooks for incident management. Now, in the face of an emerging incident, HEAL creates bespoke,AI-generated playbooks to allow the security team to respond based on precise incident details – rather than a one-size-fits-all static playbook that can’t adapt to the exact real-world scenario.
Equipped with HEAL, the IT staff can get back into “recovery mode” quicker once an attack takes place. Sherwood stated that “the AI helps us understand the event and brings our systems back online, reducing disturbance to our business operations.” HEAL provides Sherwood’s staff with automated readiness analysis, incident simulations, and incident reports. It also provides the team with a secure, centralized communications channel, and automatically generated detailed, timelined reports noting every action (manual or automated)taken during a cyber incident – which has significant time saving potential, particularly for compliance and audit purposes.
Crucially, HEAL takes information from and feeds back into the rest of Darktrace’s capabilities: PREVENT, DETECT, andRESPOND. These AI engines with dynamically related capabilities all feed into each other, autonomously, to systematically improve the city’s overall cyber resilience.
“Having Darktrace with us at every stage of an incident lifecycle is so important,” Sherwood said. “Having AI that knowsthe nuances of our digital environment helps us ward off cyber disruption and keep the city in operation.”