Brisbane Airport Corporation

Brisbane Airport Corporation (BAC) operates Brisbane Airport (BNE), the gateway between Queensland and the world.

Anomaly-based detection protects the business

Brisbane Airport Corporation’s business comprises three principal areas: Aviation, Consumers and Property.

In the Aviation space, BAC handles over 60,000 passengers daily, and the security of those people and their information is vital.

The Property space covers 2,700 hectares and has a varied and large tenant portfolio from a variety of market segments including industrial, commercial, retail, entertainment and aviation.

The Consumers portfolio covers CCTV, parking, ground transportation, retail, commercial and advertising.

The BAC Technology team must ensure all those areas and assets are monitored and protected, 24/7.

To secure this sprawling, high-stakes digital estate, the BAC Technology team chose Darktrace. Darktrace uses AI that continuously trains on BAC’s unique business data to learn the normal behaviors of users and devices. With this understanding, the AI can use anomaly-based detection to identify suspicious activity and alert the BAC Technology team at machine speed.

Darktrace has reduced the team’s time to detection by 94%. This improved reaction time was seen early during the team’s proof of value trial, when it ran a red-teaming exercise in which Darktrace alerted on compromised systems and services within a few minutes of the start of the penetration test.

“The free Proof of Value (POV) is very important for people to realize the value out of Darktrace; you need to evaluate it,” said a member of the BAC Technology team. “Once it’s in there and done its initial learning, you will be surprised at the things that were previously unseen that posed potential risks.”

Since deploying the network coverage, the BAC Technology team has seen Darktrace’s AI in action repeatedly. With Darktrace / NETWORK’s visibility over 8,000+ devices, the BAC Technology team found that 60-70% of exploits were internal. For example, on one occasion Darktrace generated several alerts after it detected a vendor running a program on a test system. The vendor had not notified the team, so Darktrace’s alerts allowed the team to triage, investigate, and address the situation quickly.

“The beauty of the Darktrace system is that it learns what’s normal and then tells us what’s not. It gives us that beaconing insight,” said a member of the BAC Technology team.

The team has integrated other tools with Darktrace, sharing third-party alerts and expanded business information, so that Darktrace has now become an integral part of the overall cybersecurity ecosystem. This simplifies the team’s workflow and improves Darktrace’s detection accuracy by giving the AI more data to train on.

AI monitors diverse critical infrastructure and manages OT risk

Not only must the BAC Technology team protect the airport’s networks, but it also must secure critical infrastructure. Industry-wide, operational technology (OT) and Internet of Things (IoT) devices are often overlooked, and they are an area that is increasingly being exploited.

The airport has a vast OT landscape, and some of those assets are difficult to monitor and maintain. The diverse assets also carry different scales of risk to manage. For example, threat actors could turn on the sprinklers and drive up the water bill or they could access power and control systems to disrupt airport operations.

The team wanted to monitor all OT assets for exploits, mitigate risks, and react when and if an attack occurs. Initially, there was reduced tooling looking after the OT assets, and the team was using a third-party system that was inadequate for the needs of the business and required a manual process to review and run logs.

As with the network, Darktrace / OT uses the same business-centric approach to identify suspicious activity in near-real time, whether it has seen similar attacks before or not. It improves visibility across the OT landscape and moves beyond isolated CVE scores to redefine vulnerability management for critical infrastructure, mapping attack path modeling to the MITRE framework to generate prioritized hardening recommendations.

With Darktrace / OT, BAC’s Technology team can make sure no threats cross the DMZ and better manage network intrusion. For example, if an OT engineer plugs their laptop into the power transformer, then the Technology team will know and can jump into action to respond.

The team also uses Darktrace / OT as part of its methods to adhere to compliance ordinances like the SOCI Act, ISO 27001, and internal policies.

Security tools that grow with the business

The airport is gearing up for the future. With more than $5 billion being invested in the next decade in terminal upgrades, expansions, improvements and development projects that will increase the airport’s capacity in line with population growth, Brisbane Airport Corporation is investing in technology that contributes towards a safer and more secure operating environment. This includes increasing the use of automation, machine learning, and AI. That goal will be reflected not only in its devices and infrastructure, but as part of its cybersecurity philosophy.

BAC’s Technology team wants to add additional tiers of defense while reducing reaction times. That means not relying on the individual to flag a threat but enabling proactive and AI-powered actions. Darktrace / NETWORK and Darktrace / OT are building blocks towards that goal, and as Darktrace technology continues to innovate, BAC’s Technology team is interested in expanding its deployment to protect its own evolving technology.

Darktrace can grow with the business, as its AI learns continuously so it can easily scale and develop alongside the digital infrastructure. The AI can also be applied anywhere the company has data, including the cloud, email systems, software as a service apps, and endpoints. As such, the security team is ready to continue and expand its partnership with Darktrace.

At a glance:
  • Darktrace reduces the security risks associated with OT and IT systems and services, using its industry-leading Machine Learning and Cyber AI capabilities to understand and map what is normal.
  • Darktrace / NETWORK saves money by reducing time to detect, triage, investigate and remediate.
  • Darktrace / OT increases visibility for critical infrastructure, including devices that are old and open to vulnerabilities.
  • AI easily scales with the business and can be applied anywhere a company has assets.