To deliver great experiences at the speed of demand, HARMAN drives a fast-paced culture of innovation and execution. The $11 billion market leader recognizes the critical importance of safeguarding its vast network of data, communications, and intellectual property. With their threat detection and response limited to the perimeter of their infrastructure, HARMAN needed to invest in a cybersecurity strategy that would not only protect their network, but also ensure the safety of their employees, partners and customers.

Lack of network visibility creates risk and impacts efficiency

While HARMAN was using an endpoint detection and response (EDR) solution to secure their endpoints, they didn’t have a solution monitoring their vast network flows. Instead, skilled analysts were performing threat detection and response manually, essentially relying on their own instincts to determine unusual or suspicious activity. “We had no choice but to focus on the reactive side of cybersecurity – monitoring and triaging overwhelming volumes of data and alerts,” said Thomas Blanchet, VP Digital Enterprise, Cloud & Cybersecurity for HARMAN International. “There was little time left to focus on more proactive strategies to drive greater cyber resiliency.”

With news coverage of cyber-attacks happening every day – across markets and even to HARMAN’s peers, customers and suppliers, Blanchet knew they needed a more sophisticated approach to cybersecurity. “Cyber-attacks will only continue to grow in volume and sophistication. Our manual approach to threat detection and response left us highly vulnerable to cyber-attacks and could never scale with the needs of our business,” said Blanchet.

Phishing attacks slip through native email defenses

With 33,000 employees and millions of customers around the world, HARMAN manages ~40 million emails each month. Despite fine-tuning the security filters within their native email solution, HARMAN continued to see a significant number of phishing emails slipping through the filters and into employees’ inboxes. Blanchet said there were instances of employees clicking on malicious links and divulging their credentials, most likely to be sold on the dark web, which put both the employees and the company at risk.    

Recognizing the critical importance of safeguarding its vast network of data, communications and intellectual property from cyber threats, HARMAN made the strategic decision in 2019 to invest in Darktrace / NETWORK for threat detection and response. Blanchet cited several reasons for choosing Darktrace over the competition, including its powerful and unique Self-Learning AI and behavioral analytics, the full visibility it provides across their networks, and the fact that Darktrace supports cloud-based solutions. In 2021, HARMAN also implemented Darktrace / EMAIL to fortify their email security, automate email threat detection and response, and free skilled analysts to work on more proactive security initiatives.

AI and behavioral analytics

With thousands of employees, millions of emails and massive volumes of data flowing through HARMAN’s networks daily, Darktrace’s Self-Learning AI offered HARMAN real-time, adaptive threat detection and proactive defenses to reduce the risk of breaches and data exfiltration. Darktrace AI has the unique capability to learn about HARMAN’s operations and users and establish a baseline of what it considers ‘normal’ behavior. From new and emerging threats to real-time suspicious user activity, Darktrace AI can automatically detect any behavior that falls outside of the established baseline and then either respond autonomously or alert a security analyst to investigate.

Risk mitigation and cost avoidance

Blanchet says when he presented Darktrace / EMAIL to HARMAN’s senior leadership committee, including their CEO, he explained the unique value of Self-Learning AI for risk mitigation. “They were all aware of how damaging cyber-attacks have been on companies’ reputations, stock value, revenue, supply chains and more. So, when I explained the benefits of Darktrace, they understood the value proposition and why it was so important to the business.” In addition to avoiding costs, HARMAN’s investment in cutting-edge cybersecurity capabilities, such as Darktrace’s Autonomous Response, would free skilled security analysts to focus on more proactive and strategic initiatives, and deliver resilient and future-proof cyber defenses.

By using Darktrace to autonomously detect and respond to emerging threats across their global digital ecosystem, HARMAN has strengthened its approach to cybersecurity and significantly reduced its exposure to risk. Using Self-Learning AI to automate most of their network and email threat detection and response efforts, security analysts can work on more proactive security measures like vulnerability management and incident preparedness.

Fortifying email security

HARMAN averages 40 million emails each month. “Using Darktrace, we are blocking ~77.2% of all email flowing within the organization – both malicious and other categories of email we have chosen to classify as spam. That means only 23% of all email is getting through and we know they are legitimate emails. That is quite impressive,” said Blanchet. Before using Darktrace, phishing threats were a significant risk to HARMAN. Within the first session during the trial period, Darktrace was already identifying malicious emails the team didn’t even know were getting through. “In the first week, Darktrace stopped several phishing attacks. Since then, the number of phishing emails making it to our users’ inboxes is near zero,” said Blanchet.

Fortifying network security

Since replacing HARMAN’s manual approach to threat detection and response with Darktrace, Blanchet said, “we have significantly reduced our mean time to contain (MTTC) from a previous average of 30 minutes to now less than five minutes when an analyst is involved in the investigation, and, if fully automated, down to less than one minute.”

Even with an army of people in their SOC, this level of performance would be impossible, said Blanchet. “The information we get from Darktrace allows us to trust what we're seeing and to make a decision to contain something without spending an hour investigating.” HARMAN has a very aggressive policy when it comes to containing potential threats, preferring to stop a potential threat in its tracks versus waiting until there is damage or the threat spreads laterally. “A cyber-attack can shut down a company in 20-30 minutes. Darktrace’s machine learning and AI enable us to be extremely fast and efficient with our investigation and response.”

Boosting analyst efficiency and value to the business

With Darktrace, HARMAN’s security team has gone from having no visibility into network activity to full transparency. Blanchet said having complete visibility is invaluable, but at the same time, to be efficient it’s important to determine a scalable policy around when to bring a human into the loop. “You need to have a minimum of triage, a range that considers what your company identifies as a threat. That is something Darktrace does very well,” says Blanchet. Based on HARMAN’s unique network activity and the priority categories they established, Darktrace will alert security analysts when it identifies something critical they should immediately investigate. Today, Blanchet says they only receive 15-20 of those alerts each day, and Darktrace / NETWORK provides their analysts with critical and actionable insights into those potential threats so they can investigate and respond faster.

Unifying threat detection and response across IT and OT  

As HARMAN continues to evolve their cybersecurity strategy, Blanchet says they expect to work with Darktrace on a few upcoming projects. First, they would like to install more Darktrace sensors along their manufacturing infrastructure. “It is all about visibility. The more sensors we have the more granular we can be with our data.” With increased granularity, HARMAN can gain even deeper insights into their infrastructure and what steps they can take to minimize vulnerabilities while maximizing performance and efficiencies. Second, HARMAN is continuing to increase its cloud footprint and believes Darktrace / OT will play a significant role in securing those systems. Lastly, Blanchet says now that HARMAN’s manufacturing IT environment is secure, they want to turn the focus to HARMAN’s operational technology (OT) infrastructure. “We are very interested in Darktrace’s new OT solution built specifically to secure critical infrastructure. We hope to eventually unify visibility and threat detection and response across our IT and OT to further strengthen our cyber resilience.”