With complex and evolving requirements, Meridian Cooperative’s critical infrastructure customers need the ability to comply with industry, security, and financial compliance standards and ensure end-to end protection from cyber threats.

Increased cyber risks for critical infrastructure

Meridian’s clients operate in the electric, gas, and water utility sectors—industries increasingly targeted by cyber-attacks. “Maintaining visibility across our clients’ hybrid and multi-cloud IT infrastructure and Operational Technology (OT) infrastructure networks is crucial for ensuring security and operational resilience," said Greg Gray, CIO of Meridian Cooperative.

Alert fatigue and a laborious investigation process

Meridian’s previous security platform relied on a rules- and signature-based system, which made threat analysis a highly manual and tedious process. Every alert held the potential to be critical, but the manual effort required to validate each one was incredibly time consuming and prone to missed threats. “It was essentially like trying to find a needle in a haystack,” said Gray.

Meridian evaluated several market-leading modern security solutions based on the following criteria:

• Comprehensive IT and OT network coverage, providing full visibility, and automated threat detection and response across clients’ networks, cloud, and email
• Federated deployment designed for Managed Security Service Providers (MSSPs)

• Real-time asset inventory and cloud security alerts

The Darktrace ActiveAI Security Platform met all of Meridian’s criteria, and today the organization is using:  

• Darktrace Cyber AI Analyst
• Darktrace / CLOUD
• Darktrace / EMAIL
• Darktrace / NETWORK

“Instead of telling you that the building’s on fire and you should go check it, Darktrace can immediately alert us and start putting out the fire in real time,” said Gray. “It’s a far superior solution than what we had previously.”

Hybrid, multi-cloud security and real-time asset inventory

During the evaluation process, Meridian was particularly impressed with Darktrace’s ability to extend its AI-powered security and visibility across its clients’ hybrid and multi-cloud IT and OT environments. Today, Meridian is using Darktrace / CLOUD to:

• Continuously monitor cloud assets in real time and provide an up-to-date inventory of all active cloud resources
• Track assets across various cloud providers and deliver a unified view of its cloud environment
• Provide detailed information about each cloud asset, including configuration details, access permissions and network connections
• Deliver real-time cloud security alerts to potential threats and vulnerabilities like misconfigurations  

“This level of visibility is critical because cloud environments can quickly become complex and costly if not managed properly.” For example, said Gray, if an Amazon Elastic Compute Cloud (EC2) instance is provisioned in Amazon Web Services (AWS) with an exposed secure shell (SSH) port, Darktrace / CLOUD will immediately alert his team to the misconfiguration so they can quickly mitigate the risk. “Additionally, Darktrace’s ability to maintain real-time asset inventories has helped us balance security with Financial Operations (FinOps) considerations – a critical factor in our decision."

Darktrace performs most of the SOC level one and level two analysis that Meridian’s analysts used to perform manually, “helping us identify those ‘needles in the haystack’ more efficiently,” said Gray. “We have decreased false positive alerts by at least 90%, which has reduced alert fatigue and enabled our team to focus on being more proactive.” Within a period of just 13 days, Cyber AI Analyst investigated and resolved potential threats and vulnerabilities that saved Meridian’s analysts nearly 500 hours of manual investigations.

Within a period of only three months, Cyber AI Analyst:

• Conducted 2,973 total investigations
• Resolved 2,819 (94.8%) of those investigations autonomously, averaging just 3 minutes and 92 seconds per response
• Escalated just 154 (6.2%) of those investigations to Meridian’s analysts for further review

When it comes to cloud security, Gray says, human error is inevitable, “but when a cloud misconfiguration does happen, Darktrace sends us a real-time alert and immediately blocks the potential threat, giving us time to coordinate with our Cloud Support team to verify the nature of the misconfiguration and mitigate the risk.”

Superior email filtering and threat mitigation

Darktrace / EMAIL caught threats Meridian’s previous email tools missed, convincing it to use Darktrace / EMAIL exclusively for all email filtering. “Over three months, our reporting showed Darktrace controlled 474 indicators of suspicious activity that posed a potential threat to our business,” said Gray. Meridian’s internal IT team initially was skeptical about leveraging Darktrace / EMAIL alone until it saw the results, “When you see a malicious email immediately ripped out of an inbox automatically, it's truly impressive."

Enhancing speed and accuracy of investigations

Darktrace intelligent insights and proactive suppression help analysts investigate faster without the risk of escalation. In one instance, Darktrace detected a breach to a client’s network via its ZTNA VPN due to misconfigured multi-factor authentication. “The platform alerted us, autonomously blocked the scanning, and gave our team the critical data and time needed to investigate and act – helping prevent what could have been a ransomware-type incident," said Gray.

Exceeding expectations

From solutions and expertise to support and collaboration, Gray says “Darktrace has exceeded our expectations.” As one of Darktrace’s largest partners in North America, Gray appreciates the opportunity to provide input for future development. “This kind of partnership and collaboration ensures the Darktrace platform will continue to evolve in line with real-world needs, enhancing its effectiveness and user experience.”

‍

* Metrics are based on Meridian Cooperative business data and sourced from their monthly Cyber AI Insights reporting