Hauraki District Council
Monitoring third party devices on the network
Hauraki District Council (DC) in New Zealand manages several facilities vital to the critical infrastructure in its district. The Council's Network Operations team is responsible for protecting both the physical assets and the operations vital to the community's well-being. With no dedicated security team, responsibility for cybersecurity is distributed and included as a component of some existing roles. The Council therefore sought a security solution that can detect and monitor third-party devices on its network and autonomously respond to threats, while maintaining the continuity of its critical assets and operations around the clock.
Hauraki DC uses several small businesses to support its Operational Technology (OT). Often, these third parties do not have the security or network skills to guarantee safety. Additionally, the contractors can operate within the OT and IT networks at any time, day or night. For the team, this means around-the-clock anomaly detection and autonomous response are imperative for protecting its assets when the human team is not around.
Since adopting the Darktrace ActiveAI Security Platform across its OT and email environments, the Network Operations team has benefited from the autonomous response actions taken by Darktrace, which stop threats as they emerge.
Darktrace acts autonomously or with human confirmation to stop cyber-attacks at their earliest stages. Its autonomous response capabilities can be applied across OT, SaaS, email, cloud, and more.
“We can now instantly identify and be notified when a non-Hauraki DC controlled device is on our network and is creating suspicious activity,” said Jason Mills, Network Operations Manager at Hauraki DC. “We can also autonomously stop that device until we know exactly what the activity is, and we can either remove it or let it go.”
Explainable AI decision making
When threats emerge on the network, OT devices are at risk, making autonomous, machine-speed response an essential tool for threat intervention. However, the team still needs to understand what went wrong and how to fix the issue. Darktrace doesn’t just stop threats; it provides contextualized, AI-generated reports that explain how threats emerged and maneuvered across the network.
“Not only is alerting and response important, but the Network Operations team needs contextualized events to understand how breaches emerge and travel through the network,” Mills said. “As we get early notification and specific isolation with context, our response times are significantly better than pre-Darktrace.”
Once Darktrace has discovered threat incidents facing an organization, it begins the crucial process of triage to determine which incidents need to be surfaced to the team, and in what order of priority. This supplies the human team with a highly focused briefing of the most pressing threats, substantially reducing its overall workload and minimizing or potentially eliminating alert fatigue for the security staff. These incidents are then clearly presented using natural language processing, together with the most relevant information, including details, devices, and dates.
Managing autonomous response with critical assets
Darktrace works hands-on with owner-operator organizations to define the scope and nature of where autonomous response can be applied and integrated to ensure protected systems stay available and safe from threats.
Darktrace / OT can take native actions like severing connections and isolating devices. It can also integrate with firewalls and other security tools via APIs to take customized actions, ensuring that the most appropriate response is taken, and policy is enforced, wherever a threat appears.
“We have made sure any devices that aren’t explicitly excluded get tagged automatically so autonomous actions can occur if needed,” said Mills. “This has been super important when it comes to contractor devices.”
In one instance, a contractor entered the network with a laptop running a compromised Virtual Machine (VM). Darktrace detected the compromised device as soon as it joined the network, and the Network Operations team was able to respond by using Darktrace to block the VM while operations remained unaffected.
By effectively monitoring third-party devices on its network, Hauraki DC ensures the continuous protection of vital assets, even during non-working hours. Darktrace’s AI has significantly enhanced threat detection and intervention, allowing for swift and contextually informed decision-making by the Network Operations team. The platform’s ability to provide explainable reports supports Hauraki DC’s commitment to maintaining a secure and resilient infrastructure against evolving cyber threats.