State of Oklahoma

The State of Oklahoma manages a vast and complex network that spans multiple agencies and geolocations. Faced with the challenge of monitoring and analyzing extensive network traffic, the state required a solution that could streamline data management, enhance visibility, and improve overall security. Implementing Darktrace's AI-powered technology allowed the state to overcome these challenges, reduce dependency on highly skilled employees, and focus on essential tasks.

Managing a large network and immense data

The State of Oklahoma faced significant challenges in monitoring and analyzing its extensive and diverse network traffic. The sheer volume and complexity of packet captures required high skill levels, and the process was both tedious and time-consuming. Additionally, the network's large size, various segments, and wide geolocation made it difficult to consolidate data from different sources using a single appliance. This situation was further complicated by a shortage of skilled professionals, making it increasingly difficult to find individuals with the necessary expertise.

Implementing Darktrace provided the State of Oklahoma with a robust solution to these issues. Darktrace's AI-powered capabilities reduced the dependency on highly skilled employees and streamlined the management of data from different network segments. This allowed the state to effectively monitor its wide-reaching network, upskill its current team, and focus on essential tasks, ultimately improving overall efficiency and security.

AI-led detection, investigation, and response up-skills IT staff

Improving visibility

The Oklahoma Office of Management and Enterprise Services (OMES) covers most of the state's agencies. Running multiple appliances for all these sources of data is not an efficient form of monitoring, and it is a large task when there are many different network segments spread across an expansive geography. The OMES security team overcame these network monitoring challenges by implementing Darktrace.

While traditional tools require endpoint detection and response (EDR) agents placed directly on endpoints, consuming significant time, energy, and resources, Darktrace appliances integrate seamlessly with network traffic. This integration was crucial for the State of Oklahoma, which was routing its data through the state's data center. Darktrace allowed for granular visibility and actionable insights, thereby enhancing support for the agencies the state collaborates with.

The interconnected nature of the state's network meant that even if the internal team was fully secure, a breach in an external agency could still pose a threat.  

“Darktrace's comprehensive monitoring capabilities enabled the State of Oklahoma to extend its protective measures to these connected agencies, fostering a sense of camaraderie and mutual support,” said Michael Toland, Chief Information Security Officer at the State of Oklahoma.  

Thousands of hours of investigation time saved with Cyber AI Analyst

The team has benefitted from significant time savings with Darktrace’s Cyber AI Analyst taking on the initial triage of anomalous behavior, conducting autonomous investigations to decipher whether an anomaly is benign or part of a wider, more serious security incident.  

Over a 30-day period in January 2025, this technology helped reduce an in-tray of 3,142 alerts to 162 incidents, of which only 18 were established as ‘critical incidents’. This has saved the OMES security team a potential 2,561 hours in investigation time, ensuring staff can focus their time on more strategic and proactive workflows.

Having Cyber AI Analyst has helped the State of Oklahoma triage and prioritize all relevant alerts, even those from third-party security tools, empowering the lean IT team to "clear the table" of critical alerts every day. Because of its ability to consolidate, explain, and prioritize large volumes of alerts, the team can address everything with a risk score of 40 (out of 100) and above, ensuring that no significant threats go unnoticed.

Darktrace's ability to distill vast amounts of data effectively eliminates the noise, allowing the team to focus on genuine risks without being overwhelmed by irrelevant information. This streamlined workflow not only enhances the team's productivity but also ensures a timely and efficient response to potential threats.

Autonomous response brings peace of mind

The security leadership is cognizant that cyber-attackers act in the off hours. This is why the team appreciates Darktrace’s autonomous response capabilities, which have proved vital in taking precise action at machine speed to stop threats. The ability to respond quickly and autonomously is key to effectively managing a large network outside of working hours. This is particularly important given the ongoing challenge of quickly reacting to emerging threats, a task that previously placed a significant burden on on-call staff.

By automating the response process, the State of Oklahoma ensured that its network was protected continuously and swiftly, without requiring constant human intervention. This not only enhanced security but also allowed the team to focus on more strategic tasks, ultimately creating a more resilient and responsive cybersecurity environment.

Integrating with existing security infrastructure

Integrating Darktrace with other platforms significantly enhanced the State of Oklahoma's incident response efforts by making critical data accessible and actionable for all stakeholders. Darktrace's integration with their existing security information and event management (SIEM) helps the team analyze data over extended time scales, providing a clearer, aggregated view of network activity. Now, leadership can cross-check data from Darktrace alongside alerts in their SIEM to add confidence and context to their alerting.

At a glance:
  • Saves over 2,000 hours of investigation time per month with Cyber AI Analyst  
  • Darktrace streamlined over 3,000 model breaches to just 18 serious incidents for human review  
  • Autonomous response enables peace of mind around the clock
