SMSA Express
“Without Darktrace, it would be very difficult for any network security team to see threats within their organization.”
Securing complex network infrastructure against internal and external attacks
SMSA Express has offices in 11 countries and operates over 400 retail services in Saudi Arabia, meaning that its network infrastructure and supply chains are large-scale and complex to manage. In addition, it provides individual couriers with handheld devices to carry out deliveries. If one of these devices is compromised, it could affect the entire network of connected devices.
With such a complicated physical and digital infrastructure, Kashan Khalid, IT Manager at SMSA, was particularly worried about threats already present in the network. “Today’s attacks aren’t coming from external to internal,” he stated. “They are lurking within organizations already. That’s why it’s critical to protect your existing infrastructure.”
The consequences of a breach for SMSA would be significant. Downtime would equate to a loss of transportation services, which translates directly into lost revenue. Once the system goes down, shipment scans cannot be processed, so the entire workflow is affected.
A successful testing phase with Darktrace
SMSA’s primary reason for purchasing Darktrace was to secure against attacks, focusing on those already in the network. During the trial period, Darktrace helped the team identify fraudulent activity on the company’s handheld devices, pinpointing affected machines and containing them before they infected the network.
Darktrace also identified previously unknown unusual behavior, such as a newly installed Samsung TV that had created over 250 connections to internal machines. It also flagged when staff members made large file swaps of backups, giving the company greater visibility and control over potential data exfiltration.
Following a successful trial, SMSA has been using Darktrace for the past two years. “Without Darktrace, it would be very difficult for any network security team to see threats within their organization,” said Khalid.
Enhancing a small SOC with AI for continuous monitoring and visibility
Having Darktrace as a core part of SMSA’s security stack allows the team to identify and prioritize issues quickly, helping it to take action as fast as possible.
Darktrace is enabled in Autonomous Response mode, so it can make decisions and take actions while the team is asleep. In addition, the team frequently uses the Darktrace Mobile App, which allows it to keep track of anything that requires immediate attention, even out of hours.
The biggest benefit for the security team is that Darktrace provides protection without requiring a fully developed SOC. “If you can’t afford a 24/7 SOC team, you must have a Darktrace in your enterprise,” said Irshad M. Baig, National Manager of IT. “Furthermore, a SOC environment has a time lag, and five minutes can be enough for an incident to become critical. Sometimes you need to act immediately, and Darktrace always makes the right decision.”
Consequently, communication with company stakeholders around Darktrace is very straightforward. “Almost all organizations are facing security attacks, it’s the norm nowadays. A few years ago, we were seeing them once in a year, now every month we’re facing at least two or three attempts. We hear about a lot of breaches, so it was easy to convince stakeholders that we needed Darktrace,” said Khalid.