Darktrace has shown itself to be a reliable security guard. Since Darktrace started filtering our emails, we are safer.
- Protecting a complex distributed network of offices, manufacturing centers, and production plants across IT and OT
- Improving email security to prevent cyber-attacks that originate in the inbox
- Boosting the security team with 24/7 autonomous response
Protecting a distributed IT/OT network
ONNERA has multiple commercial offices, as well as seven manufacturing centers with additional production plants, distributed around the world. The challenge is to provide total connectivity between employees, offices, clients, and suppliers while retaining visibility and protective control over the IT and operational technology (OT) networks.
While the data center is at the heart of the IT department, factories and manufacturing are at the core of ONNERA’s identity, making machinery one of their major investments. They needed an OT solution that would secure their factories in tandem with the maintenance and technical upkeep carried out every day using external agencies and devices. Through continuous visibility, Darktrace/OT™ detects early indicators of compromise and takes action to isolate unusual activity in the network, including insider threat. “Darktrace is our police between their laptops and our expensive manufacturing machines,” explained Bizarro.
Following the adoption of Darktrace/OT, ONNERA realized it still had plenty of blind spots in the network – no matter how many tools it put in place, there were still unseen gaps in the silos between them. With so many users requiring access to common applications and resources, the security team required a solution that could validate users and their activity at every stage, not just after permission has been granted to a specific area of the business. “We were blinded by a false perception of security,” said Iñaki Bizarro, IT Infrastructure Manager at ONNERA. It was this lack of visibility that led him to analyze the market in search of a comprehensive network solution.
After onboarding Darktrace DETECT/Network™ + Darktrace RESPOND/Network™ and seeing how accurate they were at flagging alerts on the network, the team set the solution to blocking mode to monitor activity and take action out of hours, including blocking access if a user is acting suspiciously. “Knowing that we have a tool as powerful as Darktrace helps us to be calmer. I sleep better,” commented Bizarro.
Preventing cyber-attacks through the inbox
Email remains one of the main vectors of attack for an organization, or more specifically, the email user and how they respond to malicious emails. Previously, ONNERA was using an anti-spam solution that functioned moderately well but still allowed things to slip through the cracks.
They adopted Darktrace/Email™ in tandem with their existing tool, but it quickly became the main solution and will be the sole email security provider once the previous contract expires. Since it has been in action, ONNERA has not suffered any security events via email, neither minor nor severe. “Darktrace has shown itself to be a reliable security guard,” commented Bizarro, “since Darktrace started filtering our emails, we are safer.”
Boosting the security team with 24/7 autonomous response
Bizarro is highly aware that threat actors will pick prime moments in the calendar to strike, particularly during holidays or non-business hours. Since ONNERA is a global business with distributed employees, they needed a solution that could function autonomously to contain attacks 365 days a year, 24 hours a day. Shutting off its network in case of a potential cyber-attack isn’t an option, as some of their plants are required to run at maximum capacity in order to meet their annual production output.
Darktrace has built confidence within the team that autonomous response will contain attacks that happen out of hours. As explained by Bizarro, “the product surprised us because it ended up resolving a concern that we all have – what happens when we aren’t looking?”
Within the security department, relying on Darktrace to prioritize and investigate alerts has allowed resources to be reallocated to focus on other strategic projects within the organization. It has also helped the team collaborate more easily with other departments in deploying new applications. “Darktrace has changed the perception of security that we have in the business,” commented Bizarro.