AI Case Study
MetroPath mitigates cyber threats using Darktrace's network monitoring and machine learning
MetroPath has implemented Darktrace to monitor devices and users on its network to detect unusual patterns and identify potential threats. Darktrace does this by using unsupervised learning and ranks unusual activity by its degrees of variance from the norm.
Healthcare Providers And Services
"To address these concerns, MetroPath deployed Darktrace into the heart of its network for a four-week Proof of Value (POV). After a one-hour installation, Darktrace began self- learning about every user and device on the network to develop a distinctive sense of ‘self’—what belonged on the network, and what didn’t. Powered by unsupervised machine learning and AI algorithms, Darktrace can detect subtle and stealthy deviations from this ‘normal’ network activity, spotting and stopping anomalous threats in real time, before they can do any damage. Darktrace presents its understanding of the ‘pattern of life’ via the intuitive 3D Threat Visualizer, which provides complete visibility of MetroPath’s entire network infrastructure, including IoT and rogue devices. It ranks each threat by its deviation from ‘normal’ activity, limiting alert fatigue and enabling MetroPath’s team to prioritize the most pressing threats.
After being deployed in MetroPath’s network for just under two weeks, Darktrace demonstrated its nuanced understanding when it discovered strange activity taking place in the middle of the night. A computer was making an unknown data transfers to devices in Russia. Darktrace was able to instantly alert the security team, as the time, size, and destination of the data transfer deviated from the network’s expected ‘pattern of life’. MetroPath instantly took the computer offline, and the situation was mitigated before any damage could be done."
Specifics undisclosed but Darktrace claims:
* "Comprehensive visibility of every device on the network, including IoT
* Dynamically updating ‘pattern of life’ helps reduce false positives and cut through the noise."
"In recent years, the healthcare industry has been increasingly targeted by advanced cyber-attacks. Confidential records and financial data, along with life-critical medical systems, make the sector a top target for fast-moving threats, like ransomware, from threat-actors looking for financial gain. The industry’s rapid adoption of connected IoT devices has also expanded the attack surface. Alarmed by the healthcare industry’s changing risk profile, MetroPath wanted to enhance its IT systems with a proactive security technology.
The company’s IT team was concerned that its legacy approaches did not provide complete visibility of its entire network infrastructure. Further, the rules-based defenses were incapable of identifying never-before-seen threats, the ‘unknown unknowns’. Without a 24/7 security operations center, MetroPath lacked the resources to neutralize these attacks should they occur post-working hours. Moving forward in a threat landscape characterized by stealth and sophistication, it knew that early threat detection and complete visibility would be critical to safeguarding sensitive patient records."
Network traffic data