AI Case Study

Servizi in Rete detects cyber-security threats in real time using unsupervised machine learning to classify every action in the network

Italian telecom service provider Servizi in Rete has deployed Darktrace's innovative cyber defense technology, the Enterprise Immune System, to achieve complete network visibility and detect security threats. The algorithm maps network topology to create a baseline and can identify any anomaly instantly.

Industry

Professional Services

Professional Services Other

Project Overview

"Servizi in Rete was looking to safeguard sensitive business and customer data, detect insider threat, and overcome limitations of legacy tools and incomplete network visibility.

With Darktrace’s ‘immune system’ technology, Servizi in Rete is now able to monitor all devices and users on its network and can detect emerging cyber-attacks in real time, even from inside sources, while there is still time to act. The Threat Visualizer, Darktrace’s 3D graphical interface, provides Servizi in Rete with 100% network visibility and presents alerts enabling its security team to dig deeper into specific activities and connections with the outside world that may be suspicious and indicative of cyber threat. “Darktrace’s interface is very easy-to-use and simple to navigate for all levels of user,” said Massimo Salierno, CIO, Servizi in Rete.

Servizi in Rete also benefits from weekly Threat Intelligence Reports (‘TIRs’), produced by Darktrace’s expert analysts."

Reported Results

According to Darktrace:

* Real-time threat detection
* Ability to monitor all users and devices on its network
* 100% network visibility

Technology

Recursive Bayesian Estimation

"Both internal and external parties usually exhibit distinct behaviors before engaging in malicious acts. A contractor logging on at an unusual time, groups of files being aggregated, or an unusual volume of email traffic."

"Built on a foundation of Bayesian mathematics and unsupervised machine learning, the system analyzes complex network environments to learn a ‘pattern of life’ for every network, device, and user. Advanced machine learning techniques then correlate patterns in network traffic to detect previously unknown threats and automatically defend networks with digital ‘antibodies’."

"L1-regularized regression model – also known as the lasso method – to a family of sparse ‘structured’ regression models. This allows for the discovery of true associations between linked malware, C2 events (inputs), and data egress (outputs), efficiently solving convex optimization problems to yield parsimonious models"

Function

Risk

Security

Background

"Founded in 2006, Servizi in Rete works with hundreds of local distributors and larger companies across Italy, providing a range of services and products. From phone top-up cards and parking cards for local tobacconists to intranet management services for established corporations."

Benefits

Data

"To learn ‘normal’ for a network, the Enterprise Immune System identifies naturally occurring groups of devices and behaviors — a task that would be impossible to do manually. Darktrace then employs advanced clustering methods to analyze network behavior in terms of similar devices on the same network. This generates a picture of ‘normal’ without reference to external data and without human interference.

While traditional systems adopted a binary approach, Darktrace accepts the inevitable ambiguity of such data. The Enterprise Immune System recognizes that behavior isn’t merely ‘malicious’ or ‘benign’. By correlating a broad range of factors, like server access, timing, and data volumes, Darktrace intelligently ranks threat. This simultaneously allows organizations to prioritize the most serious threats, and eliminates the problem of false positives. Equally important is the task of learning the unique topology of intricate network structures. To achieve this, the Enterprise Immune System utilizes iterative matrix methods that reveal relationships between network features. In conjunction, Darktrace uses an innovative application of models from statistical physics to map a network’s ‘energy landscape’ and reveal potentially anomalous substructures.

A further problem lies in how to handle the huge number of variables involved in modeling the high-dimensional structure of complex network environments. In the observation of packet traffic and host activity within an enterprise LAN or WAN, where both input and output can contain millions of inter-related features, learning a sparse and consistent predictive function is challenged by a lack of normal distribution."