
The challenge
At first glance, an English full-service law firm founded in 1837 doesn’t sound like the obvious home for cutting-edge technological innovation. But Bristows is not your usual partnership; its clients are multi-trillion-dollar Silicon Valley tech firms, pharmaceutical giants, and smaller, even more innovative startups. That clientele – and the scientific and technical background of many of its lawyers – means that Bristows’ cybersecurity capabilities have had to evolve and grow to match increasingly stringent requirements. Even more impressive: the company does all of this with a compact, agile security team.
While AI has recently captured mainstream awareness, Darktrace pioneered AI cybersecurity capabilities. The long relationship between Bristows and Darktrace has seen that innovation put into practice to match Bristows’ evolving and growing needs, such as protecting employees and clients from cyber-attacks, data theft, and other threats.
“It’s not just the technology: we have to know that we’ve got people at our side that can help us at any point,” said Chris Jory, IT Manager at Bristows. “We’ve always had the impression that Darktrace sees us as an equal partner, not a customer.”
As a law firm with a particular focus on intellectual property work for technology and pharmaceutical companies, Bristows has more need than most to secure its data – and the data of its blue-chip clients.
A small team, and a big ask
The IT team at Bristows is small, and responsibility for cybersecurity rests on the shoulders of Jory and the company’s Director of IT, Phil Wood. With a strong roster of tech, media, and pharma companies for clients, Bristows’ partners are more attuned to the risks and intricacies around data loss and cybersecurity – and fully support a comprehensive, tech-led approach.
Any technological solution had to do two jobs: protect the business, and free up the team’s time so they could focus on other tasks without having to babysit the solution.
The security team turned to Darktrace and its AI-powered cyber defense.
Bristows’ customers are tech-savvy and need to know their data and intellectual property are protected. The advent of generative AI has only increased the value of AI-powered cybersecurity, as the team see more and more phishing attacks with Large Language Model (LLM) and AI elements. Finally, with a small team, it was essential that any solution reduced workloads – something Darktrace AI demonstrated and continues to deliver for the team.
“We simply don’t have the scope to employ three or four people just in security roles, so we need software that can help us without needing lots of people to deal with it,” said Wood. “Whatever we get needs to save us time and internal resources. Darktrace Cyber AI Analyst helps us do exactly that.”
Freeing up the team for more rewarding challenges
Darktrace Cyber AI Analyst augments the work of small IT teams, freeing them up from low-level work sifting through large volumes of alert and other data. Cyber AI Analyst takes on this work – conducting it at greater scale and speed than a human – and looks for patterns that indicate a possible security incident. This reduces the time required for initial triage and investigation significantly.
In a constantly shifting security landscape, urgent tasks can often push important tasks off the top of any team’s list. Automating triage and investigation with Cyber AI Analyst has meant that the Bristows team are no longer drowning in alerts and can resist the temptation to fire-fight problems. Instead, they can take a more strategic approach.
“If we get an alert in Darktrace, Cyber AI Analyst goes off and it does the investigation for us,” said Wood. “It can then give us an idea of how to approach the problem.”
This approach automates – and can speed up – much of the early process of triaging and categorizing alerts, saving the team significant amounts of time and equipping it with context, advice, and insight with which to take action.
By automating a lot of the alerting process, Darktrace can also reduce alert fatigue – a condition which causes missed alerts and burnout amongst teams. Rather than deluging the team with data in the form of false positives, incident logs and alerts for the tiniest action, Darktrace actively lightens the team’s load instead of adding more administrative and firefighting tasks. Most importantly, it can reduce time-to-alert significantly, and free staff for more stimulating and strategically important work.
Email protection with enterprise-wide context
Social engineering attacks via email, video, and collaboration tools represent a significant threat to the organization – especially as an array of AI-powered tools on the public internet has become available to attackers. AI-enabled attacks call for AI-enabled defenses, and this is where Darktrace’s heritage in using AI and machine learning to turbocharge cybersecurity comes to the fore.
Bristows now relies on Darktrace / EMAIL, which uses AI to build a continuously updated analysis of ‘normal’ for every email user and interaction to spot and stop the more advanced threats that existing solutions may miss. Combining that with insights Darktrace picks up across the network gives a more complete understanding of unusual behavior and activity – for example in identifying suspicious links that have never been seen or interacted with not only at the email layer, but in the wider network too.
“At least the phishing emails have better grammar and spelling these days,” laughed Jory. “It’s harder for humans to spot malicious emails, and we’re now going to have to lean even harder on AI – in the form of Darktrace / NETWORK and Darktrace / EMAIL – to help us out.”
Darktrace’s solutions also demonstrated adaptability to sudden and unpredictable change; in particular, Darktrace / ENDPOINT allowed the team to continue to protect the company’s employees and clients during the COVID lockdowns, when remote working went from something a small number of staff did infrequently to the entire business. With endpoints suddenly scattered across hundreds of remote locations, connected via consumer broadband, the ability to manage and protect a distributed estate remotely – and at short notice – was a massive bonus.
Making a multi-layer, multi-vendor approach work
Bristows’ security team’s best-of-breed approach addresses the challenge of improving time-to-response with a small team, and that has meant that Darktrace must work across platforms, network layers, applications, and solutions without a hitch.
“Our helpdesk team are actually quite key to this. A lot of Darktrace alerts are processed by the Darktrace Cyber AI Analyst, before they become something the helpdesk needs to look at,” said Jory. “But it’s also plugged into the SIEM, which means the XDR team looks at it, and alerts us if they see anything untoward.”
By integrating and interoperating with existing tools and solutions, Darktrace has helped Bristows simplify a lot of its cybersecurity workflows and operations, maximizing ROI on new and historical security tooling investments.
Doing the same – in the cloud
Bristows has also started to move workloads to Microsoft Azure, switching from maintaining its own on-premises servers and infrastructure to buying what it needs in the cloud. The team was very pleased with how Darktrace monitors for unusual traffic within Bristows’ own networks, so was pleased to discover that Darktrace could extend coverage into its Microsoft Azure environment, using the same fundamental machine learning to detect and respond to threats in the cloud.
Wood reflects: “We could extend that protection beyond our network and into a cloud environment without any trouble at all.”
The end result: a company that works with – and protects – tech giants
Bristows must prove time and time again that they are prioritizing the security of their high-profile and innovative clients.
“Darktrace provides us with protection and we can use it to make sure we’re as well-defended as we can be,” says Wood. “In the future, organizations won’t be judged on suffering a cyber incident – because it’s almost inevitable. They’ll be judged on how they recover from incidents, and that’s where we know Darktrace, and the people that work there, have our backs.”


