- Autonomous response and 24/7 visibility protects the critical infrastructure controlling Slovenia’s airspace
- Brings OT and email together into a unified, easy-to-manage solution
- Augments the lean security team by automating investigations with Cyber AI Analyst
- Strong partnership that ensures continuous innovation and protection
Protecting critical infrastructure with autonomous response
Slovenia Control requires a seamless approach to cyber security that protects the country’s critical infrastructure 24/7. Due to the nature of aviation, the company can’t turn off its systems to contain a malicious threat as air traffic control needs to operate continuously to ensure safe and secure skies.
As a mature security organization, Slovenia Control was looking to improve visibility of its systems and adopt a core technology that offered multiple capabilities in a single pane of glass. After looking for an OT-focused network solution using Gartner reviews, CIO Andrej Golob came across Darktrace.
Now the team rely majorly on Darktrace’s 24/7 detection and response capabilities, freeing up their small team for more specialist work. “Autonomous response gives us confidence that we can go to sleep and not leave our phones on,” commented Golob. “It gives us a lot of safety and assurance that it has our back for the immediate and important things even during off-hours.”
Augmenting a lean SOC by automating investigations
Cyber AI Analyst leverages insights collected from Darktrace’s world-class experts over years of threat investigation to make highly accurate decisions. It can sift through large volumes of data at speed and scale, augmenting human teams and buying back time to focus on strategic work.
For Slovenia Control, the biggest added value is in AI Analyst’s ability to prioritize which events are relevant for further investigation, saving the security team time. From the outset, AI Analyst accurately identified the most important events and even flagged interesting employee behaviors that added useful context to their security program. “The capability to ask AI Analyst to re-evaluate an alert is almost like having a team member to instruct,” said Golob.
On a normal day, it only takes the team 5-10 minutes to triage AI Analyst reported occurrences, whilst only scoping through the raw alerts out of precaution. “In terms of daily triage and routine work, AI Analyst probably reduces the time needed for a SOC Analyst to get up to speed by about 20x – for us as a small team that’s a huge and essential benefit,” estimates Golob. With Darktrace, he feels confident that they won’t need to expand their team beyond four or five people for the time being.
For extra support in case of a breach, they also retain Darktrace’s Ask the Expert (ATE) service, which allows their security team 24/7 access to Darktrace Cyber Analysts. The team use the service primarily to gain extra insight into unusual or complex alerts.
Bringing OT and email together to take action with greater context
Once Slovenia Control had established Darktrace/OT they had a good overview of their network, but from the perspective of attack vectors email was still a high priority. Their existing solution was still allowing spam, unwanted and even suspicious emails through the firewall.
Darktrace’s OT and email AI engines share data so that both can take action with greater context. This understanding is important to ensure that relevant emails aren’t held unnecessarily or impact on productivity.
Once the Darktrace/Email product was available on-premises, Slovenia Control tested the product during a POV and were impressed with the level of accuracy. Where users previously had to spend time triaging their mailboxes, they now receive no spam or malicious emails. Helpfully, the security team can review their email and OT status in a single UI, reducing time to meaning for increased operational efficiency.
Building a productive partnership with Darktrace
From the POV stage, Slovenia Control built a productive relationship with Darktrace that focused on trust and value. During the trial, the Darktrace team flew to Slovenia to visit the premises, walking the team through the tools and surfacing anomalies they were unaware of.
Slovenia Control tested the products for a year, during which they hired penetration testers to evaluate Darktrace compared to a number of other tools. Darktrace came out on top in providing 100% visibility and successfully detecting and stalling the penetration tester, which made for a clear justification of the product to the board.
As Darktrace’s capabilities have increased, Slovenia Control has consistently been an early adopter of new functions and tested out new products. “Testing Darktrace products is always a good experience,” said Golob. “If a feature works well for us we’ll try and procure it so solve the issues we have.”