CordenPharma
Challenge
Many of CordenPharma's customers are in early-stage clinical drug trials and thus require strong data protection. It takes several years and billions of dollars to bring new pharmaceuticals to market, a process which requires the safe-keeping of both patient information and confidential IP. As a consequence, the pharmaceutical industry continues to be targeted by sophisticated cyber-attacks. In particular, threat-actors often attempt to compromise major pharmaceutical providers by first breaching their supply chains — composed of third parties who often have access to sensitive data outside the security team's purview.
Given its lean security team, CordenPharma also needed a technology to augment its manpower. Legacy tools — rooted in fixed 'rules and signatures' — flag any activity that meets broadly defined technical parameters, often inundating teams with a flood of false positive alerts. Not only do such alerts generate an inordinate amount of unnecessary labor, they also lead to genuine threats becoming buried and even overlooked entirely.
Solution
Following a four-week Proof of Value (POV), CordenPharma decided to deploy Darktrace across its expansive digital infrastructure. Darktrace's Self-Learning AI leverages advanced AI algorithms to distinguish between normal and abnormal activity for each individual user and device, learning their typical 'patterns of life' while on the job. Thus, unlike conventional security tools that apply the same rules across the board, Darktrace's understanding of CordenPharma's unique business enables it to discern the subtly anomalous behavior indicative of a threat. And when such a threat requires urgent action, Darktrace Autonomous Response — the first enterprise-grade technology of its kind — contains it in seconds without interrupting normal operations.
In fact, Autonomous Response proved its value immediately during the trial period, when the company suffered a crypto-mining attack that was sapping a significant amount of computer power. Right away, Darktrace discovered the behavior and determined it was abnormal for the firm, as the compromised device was beaconing to an endpoint in Hong Kong to which it had never connected before. Autonomous Response would ordinarily have blocked this behavior, but it was deployed in 'Passive Mode' for the POV, meaning that it simply recommended its actions to the security team.
Because that team happened to be preoccupied, Autonomous Response's 'Passive Mode' setting served to illuminate how the technology works throughout a crypto-mining attack. After the anomalous beaconing activity, the device downloaded an executable from the Hong Kong endpoint, which Autonomous Response would have again intervened to prevent. Eventually, an outbound data transfer of over 1 GB was initiated. At this point, Autonomous Response would have stopped the device from transferring any data to the foreign endpoint. Darktrace's ability to intelligently and surgically remediate the incident would have averted any damage, convincing CordenPharma to deploy Autonomous Response in 'Active Mode'.
Benefits
Darktrace provides 100% visibility across CordenPharma's digital enterprise from a single interface, the Threat Visualizer. Moreover, the alerts that it displays are prioritized automatically, allowing the lean security team to rapidly triage security incidents. The Threat Visualizer is comprehensive: the security team can trace specific activity or users across time, replaying historical incidents at any level of detail.
One of the principal benefits of Darktrace's Self-Learning AI is its ability to alert CordenPharma to threatening incidents early — before they can become damaging attacks. Such real-time intelligence affords both CordenPharma and its customers confidence in the security of their data.