The Pittsburgh Cultural Trust
We decided it was finally time to turn on Autonomous Response, and now I just wish that we’d done so much sooner. The actions it takes are accurate, and the peace of mind it has given the team is incredible.
At a glance:
Protects AWS environment
Detects and responds to novel and sophisticated cyber-attacks
Targeted action minimizes disruption
Key Security Challenges
As a leading provider of arts for the area, the Pittsburgh Cultural Trust is tasked with the protection of patron, staff, partner organization, and artist data. Improved data protection standards and evolving compliance requirements such as PII and PCI, along with sensitivity around privacy concerns of stored data, are a top priority. A breach would seriously impact the Trust itself and the numerous people who support it.
At the same time, the organization is constantly growing and expanding, and each change brings potential security risks. In recent years, the organization underwent a rapid digital transformation, migrating from an on-premises network to a hybrid cloud environment utilizing AWS and other platforms. This added efficiency to its workflow, but created whole new areas of the Trust's digital environment which require monitoring and protecting. Cloud services like AWS are typically trickier for teams to gain visibility over, while offering threat actors the opportunity to scale and speed up their attacks.
For Michael Tiernan, the Trust's Director of Network Operations and Security Technologies, it was therefore essential that he found a cyber security technology that could not only provide top of the line protection across the Trust's sensitive data and assets, but would also grow with the organization, detecting and responding to threats in the cloud.
Bringing AI to the Data, Wherever it Resides
Today, Darktrace's AI detects and responds to cyber-attacks across the entire organization. After seeing success with Darktrace across its network and email security, the Trust extended Darktrace's coverage into its cloud infrastructure and applications. Darktrace analyzes AWS traffic to ensure that this area of the Pittsburgh Cultural Trust's digital estate is not a blind spot, but a key data source. The data from this cloud architecture is evaluated alongside activity from the network, email, and SaaS in the search for threats. With Autonomous Response, threats in all these environments can be dealt with quickly and precisely without human intervention.
Pittsburgh Cultural Trust is now looking to extend Darktrace's Autonomous Response capability to its endpoint devices and protect its hybrid workforce wherever they are in the world. "Like most organizations, our workforce changed a lot during the pandemic," says Tiernan, "But Darktrace unified and demystified the whole organization for our new analysts, and we have never had to worry that our security posture was weakened."
Peace of Mind with Autonomous Response
Tiernan and his team have enjoyed a greater peace of mind since activating Darktrace's Autonomous Response, which shuts down sophisticated threats anywhere in the digital enterprise, including AWS.
The Trust's security team carefully considered the consequences of giving an AI system the ability to act in real time against emerging threats. They were concerned about the possibility of disruptions to the Trust's work, but now Tiernan says that those fears were unnecessary: "Once people began working from home, we decided it was finally time to turn on Autonomous Response, and now I just wish that we'd done so much sooner. The actions it takes are accurate, and the peace of mind it has given the team is incredible." These actions range from temporary connection blocks to enforcing a device's usual 'pattern of life', ensuring that normal business operations can continue as proportionate action is taken against the threat.
Tiernan says his team considered setting up Autonomous Response to act only against out-of-hours attacks, but having it on around the clock has made life much easier. "We review the actions the AI has taken against threats and follow its recommendations for securing our systems further – it's far safer and more efficient than hoping to stop every threat on time ourselves and takes pressure off of the team."