AI Case Study

The Scottish Government is protecting its sensitive data against cyber threats using machine learning

The Scottish Government leverages Darktrace's machine learning solution to proactively defend its systems from potential cyber threats. The technology is able to detecting abnormal behaviour such as data transfers and use of prohibited sites and software. The implementation has provided the Government with real-time threat detection and risk mitigation and full network visibility, while gaining a better understanding on user and device behaviour.

Industry

Public And Social Sector

Government

Project Overview

"After reviewing and trialling a number of technologies, the Scottish Government decided to embark on a four-week Proof of Value (POV) trial period with Darktrace. During the POV, the efficacy of Darktrace’s Enterprise Immune System was clearly evidenced.

The technology, which is developed by mathematicians from the University of Cambridge, detected a number of points of interest: malware actively attempting to contact an attacker, unusual and insecure data transferrals, and employees using prohibited sites and software.

Darktrace’s unique Enterprise Immune System is inspired by the biological principles of the human immune system, and is powered by machine learning technology. Unlike legacy approaches, it does not use pre-set rules or signatures in order to detect threats. It models the behaviors of each device and user within an entire network to build a ‘pattern of life’ specific to that system.
Any deviation from ‘normal’ activity, however subtle, is identified in real time, so that action can be taken. Additionally, the Scottish Government’s security team receive a Threat Intelligence Report (TIR) with further analysis and explanation. Anomalous behavior is analyzed and classified according to threat level, so the Scottish Government can handle and respond to issues immediately and efficiently.

Thanks to Darktrace’s self-learning technology, the Scottish Government is now fully equipped to detect novel cyber-threats and mitigate the risk they pose. Darktrace’s Threat Visualizer Interface provides it with a comprehensive, graphical overview of its network and potential threats as they occur, in real time. The classification system enables it to prioritize issues according to importance and employ human resources efficiently."

Reported Results

According to DarkTrace, the Scottish Government benefited from the following "results:

* Real-time threat detection and risk mitigation
* Vastly improved understanding of user and device behavior
* Full network visibility."

Technology

Darktrace’s unique Enterprise Immune System is inspired by the biological principles of the human immune system, and is powered by machine learning technology. Unlike legacy approaches, it does not use pre-set rules or signatures in order to detect threats. It models the behaviors of each device and user within an entire network to build a ‘pattern of life’ specific to that system.

Function

Information Technology

Security

Background

"The Scottish Government recognized the need to employ a new-generation cyber security technology able to tackle the challenge of the modern, varied and evolving threat landscape. It aimed to safeguard its reputation and critical data and get protected against potential insider threats."

Benefits

Data