Autonomous Response is the crown jewels of information security. It can trigger a broad range of actions; each targeted according to the nature of the threat.
Josef Buttinger
 
Corporate IT & Security Manager
,
EV Group

At a glance:

Security team sought packet-level visibility and aimed to reduce time to response

Trialled Darktrace alongside other technologies and witnessed accuracy of detections first-hand

Developed a trust in the AI's decision making and implemented Autonomous Response to fight threats around the clock

Packet-Level Insight and AI Detections

As the digital infrastructure at EV Group became more complex, the team sought to improve their security stature by going beyond the log-based analysis that its existing security tools relied on. Their log-based SIEM technology gave a good overview of the digital estate, but a lack of packet-level insight at the network traffic layer meant that security incidents were not being recognized and controlled fast enough. "It's not enough just to look at transactions; a deeper understanding of the communications between devices is necessary," commented Josef Buttinger, Corporate IT & Security Manager at EV Group. "With log-based tools, by the time we see that there is a significant security incident, it's too late – it's already happened."


The primary aim was to minimize the time between an event happening and it being acknowledged. "In an ideal world, this time to response would be less than 10 minutes," said Buttinger.The team therefore trialled Darktrace in a side-by-side bake-off with other tools, deciding on Darktrace's Self-Learning AI primarily because of the accuracy of its detections. "Darktrace doesn't swamp you with benign alerts because it knows 'normal'," says Buttinger, referring to the AI's ability to learn the 'patterns of life' for every user and device in the organization and spot subtle deviations indicative of a threat. "It is far more advanced; about a year and a half ahead of the pack in terms of the sophistication of the technology."

Darktrace shone a light on the organization's digital estate, revealing a host of issues that the team were not previously aware of. "With Darktrace you are able to see all of the configuration errors that could represent a backdoor into our digital estate. I mean all of them. Every event is interesting, but some events are particularly interesting for us when proactively identifying any vulnerabilities," commented Buttinger. The technology has helped the security team become more strategic in cleaning up their digital infrastructure and ensuring more robust security in the long term.

The Day-to-Day Use of Darktrace

Darktrace is the principle go-to technology for the security team at EV Group. They set the technology to surface only the events that have occurred in the last 24 hours, and every anomaly is looked at to ensure that the Darktrace dashboard is clean at the end of every day. "If Darktrace thinks that an event is something worth looking at, we have to assess it. That is our level of confidence in the AI technology," says Buttinger.


Darktrace's alerts are clear and precise, and the AI self-prioritizes security events according to urgency. This means the security team stay proactive and motivated. "If you look at the same thing every day, if you don't clear the noise, you see the same noise every day".

Extending to Autonomous Response

Whilst EV Group is working towards having operational security 24/7 – for now, with a security team comprising of five people, they are unable to keep a permanent overwatch around the clock. And with threat actors often striking at nights or on weekends, it was necessary to add Autonomous Response to the security stack, to take targeted and proportionate action against threats, whenever they come in.Darktrace's Autonomous Response is powered by Self-Learning AI that learns the digital estate – every user and every device, analyzing hundreds of signals and applying advanced AI to surface only the anomalies that exceed a certain threshold.

"Autonomous Response is the crown jewel of information security," says Buttinger, "It can trigger a broad range of actions; each targeted according to the nature of the threat, safeguarding the confidentiality, integrity, and availability of systems. Our confidence in the technology is so high that when an Antigena model is breached, we know it really is something bad." Antigena is synced up with the security team's existing alarm system, which wakes team members in the middle of the night in the case of a serious incident, with text-to-speech alerts. This ensures the team is able to rapidly respond to emerging cyber-threats, regardless of when they occur.

Darktrace is real AI. The system really trains itself, I never have to interact with any of the models. The system is astonishingly accurate.

Josef Buttinger
Corporate IT & Security Manager
,
EV Group
ABOUT
EV Group is a leading supplier of high-volume production equipment and process solutions for the manufacture of semiconductors, MEMS, compound semiconductors, power devices and nanotechnology devices. It supports an elaborate network of global customers and partners all over the world, with more than 1100 employees worldwide.‍
Download the case study
항목을 찾을 수 없습니다.

귀하의 비즈니스에 좋은 소식입니다.
나쁜 사람들에게 나쁜 소식입니다.

무료 평가판 시작

무료 평가판 시작

유연한 배송
가상환경에 설치하거나 하드웨어에 설치할 수 있습니다.
빠른 설치
설치하는 데 1 시간 밖에 걸리지 않으며 이메일 보안 평가판의 경우 더 적게 걸립니다.
여정 선택
클라우드, 네트워크 또는 이메일을 포함하여 가장 필요한 곳 어디에서나 셀프 러닝 AI를 사용해 보십시오.
약정 없음
Darktrace Threat Visualizer 및 세 개의 맞춤형 위협 보고서에 대한 모든 액세스 권한이 있으며 구매 의무는 없습니다.
감사합니다! 제출되었습니다!
양식을 제출하는 동안 문제가 발생했습니다.

Get a demo

유연한 배송
가상환경에 설치하거나 하드웨어에 설치할 수 있습니다.
빠른 설치
설치하는 데 1 시간 밖에 걸리지 않으며 이메일 보안 평가판의 경우 더 적게 걸립니다.
여정 선택
클라우드, 네트워크 또는 이메일을 포함하여 가장 필요한 곳 어디에서나 셀프 러닝 AI를 사용해 보십시오.
약정 없음
Darktrace Threat Visualizer 및 세 개의 맞춤형 위협 보고서에 대한 모든 액세스 권한이 있으며 구매 의무는 없습니다.
감사합니다! 제출되었습니다!
양식을 제출하는 동안 문제가 발생했습니다.