Dreamworld
Darktrace allows us to apply the same security model to all traffic, whether it is on-premises or in the cloud.
Around the clock protection
Dreamworld is Australia’s playground, with attractions that draw millions of visitors each year. Between its brand prominence and listing in the Australian Stock Exchange, Dreamworld is a massive target for cyber-crime. That’s why Dreamworld turned to Darktrace in November 2021 to protect its hybrid environment, including network, AWS, Microsoft 365, and endpoints.
The global pandemic changed Dreamworld’s security posture. While the park was closed to visitors in 2020, the security team cancelled its SOC service, and did not have a program ready upon its return. That meant there were gaps in its security coverage once employees clocked out each evening. Moreover, as it is an Australian company, the time difference made Dreamworld an easier for threat actors overseas.
Dreamworld’s security team had been impressed with Darktrace at tradeshows before but had been relying on other security tools at the time. After the park’s reopening, the security team reevaluated its needs and budgets. After learning that Darktrace could take the place of a SOC as well as offer additional controls over digital traffic, Dreamworld began its Darktrace trial.
“The POV process was a breeze. It was an easy set up for me to do. Darktrace was picking up network traffic within seconds and providing alerts within 24 hours,” said Rich Raymont, the ICT Manager at Dreamworld and SkyPoint.
Now, Darktrace secures Dreamworld’s digital landscape at all hours of the day. The Self-Learning AI learns the company’s normal business operations, and so can detect anomalous activity that indicates a cyber-attack. Once an attack is identified, Autonomous Response neutralizes it within seconds and with surgical precision, allowing normal business operations to continue uninterrupted. In this way, Darktrace has given Dreamworld not only visibility, but also understanding and assurance that its digital activity is safe.
Holistic security, from cloud to endpoint
Dreamworld has migrated some of its digital infrastructure onto the cloud, using AWS and Microsoft 365 applications. This migration brought with it a skills and knowledge gap that opened the possibility for misconfigurations and lessened the IT team’s sense of security. With Darktrace, the team is now confident that an attacker will be detected whether the network or the cloud is breached.
Darktrace is AWS certified and covers every layer of AWS cloud activity. The Self-Learning AI continuously learns user behavior, including but not limited to resource creation, connectivity, and role assignment. Since the AI does not rely on servers, it can scale within the cloud to secure to any amount of traffic. Autonomous Response natively integrates with AWS Lambda to support workflows bespoke to each customer’s preferences.
“We treat our cloud infrastructure as a simple extension of our on-premises environment but with the flexibility to scale servers as required,” Raymont said. “Darktrace allows us to apply the same security model to all traffic, whether it is on-premises or in the cloud. This means we know, wherever we put our workloads, they are being monitored and secured to the same level of compliance. With Darktrace in the mix, I am confident that an attacker will be detected no matter where they have managed to breach our defenses.”
Darktrace’s AI technology integrates its findings from every part of the digital landscape that contains data, so it can analyze and act across the network, the cloud, and anywhere else to provide the security team with a complete understanding of all activity and threats. Dreamworld has used this to its benefit, for example, by deploying Darktrace/Endpoint to cover two small, remote office sites.
“Darktrace does not care whether the traffic is general network, an application, a log file, a document, from the cloud, or from the endpoint. It treats it all the same and passes it through the same rigorous data models regardless,” Raymont said.
Quick alerts and enforcement
Darktrace has already protected Dreamworld from threats and vulnerabilities. In one instance, a user had set up new forwarding rules in the Microsoft 365 environment, a common action in cyber-attacks. While this time it was a legitimate change made by the user, a similar occurrence happened before to an executive team member as part of a hack. Darktrace alerted the security team of a change 30 minutes before the Microsoft notification came through, which is a long wait if it were a legitimate cyber-attack.
Darktrace also discovered users storing passwords in Excel files instead of the corporate-approved password solution. This is a major risk, for this unprotected file could aid a threat actor in his lateral movement and infiltration. By detecting and reporting these cases, Darktrace helped enforce governance controls and protected the company and employees.
“Darktrace is an amazing tool for logging everything on the network, all the data,” Raymont said. “Say you suffer from an attack, with Darktrace you have every piece of traffic seen in the last three weeks, so you can find the missing piece or what went wrong. It also gives me peace of mind, knowing that somebody or something is always watching.”
With Darktrace in the mix, I am confident that an attacker will be detected no matter where they have managed to breach our defenses.