Energy & Utilities
Energy and utility companies play a vital role in delivering essential services to millions of people and companies worldwide. It is paramount that their OT networks are adequately defended, as disruptions and breaches could have significant knock-on effects. Already, we have seen the outcomes of these kinds of attacks, such as the 2015 and 2016 cyber-attacks against the Ukrainian power grid which left approximately 230,000 people without power.
The complex nature of energy and utility infrastructures adds a further challenge when it comes to suitably protecting the critical services they provide. With both transmission and distribution networks to protect, as well as central and remote sites, the unique environment in which these companies are operating requires a higher level of visibility. In addition, new technologies such as smart meters and remote working tools continue to influence the evolving cybersecurity needs of the industry.
Regardless of network topology, Darktrace Industrial can provide complete visibility of RTUs, and remote OT such as substations and compressors. By monitoring from a central location, and deploying small probe appliances into substations, Darktrace Industrial models and protects entire power grids and utility systems.
Oil & Gas
In recent years, the oil and gas industry has seen rapid growth in terms of the digitalization of its operations. Whilst the benefits of this have been huge, it has significantly increased cyber-risk. Oil and gas companies must now protect connected field devices, sensors and control systems, as well as traditional devices, often in low-bandwidth and challenging environments.
As the complexity of industrial networks grows, and cyber-attacks on OT increase in frequency and sophistication, legacy tools are no longer sufficient. In 2017, the Ponemon Institute reported that 68% of companies in the oil and gas sector had experienced at least one cybersecurity compromise in the past year. Given the potential for loss of financial assets and the risks to employee safety, cybersecurity must be considered a priority.
Relied on by some of the largest oil and gas companies around the world, Darktrace Industrial helps cut through the complexity and proactively protect these infrastructures from the most advanced cyber-threats. Whether upstream, midstream or downstream, Darktrace Industrial can be deployed at every stage, to protect oil and gas production and transportation.
Recognizing the diverse and difficult environments that oil and gas companies operate in, Darktrace Industrial appliances can support low-bandwidth and remote environments through the use of ruggedized industrial probes. Remote deployments on rigs can include local modeling and analysis, as well as central correlation for security monitoring of all assets.
As manufacturers continue to innovate and integrate cutting-edge technologies into their day-to-day business operations, they are increasingly attracting more sophisticated attackers. From automated shop floors, to connected supply chains, the modern factory contains a large degree of interconnectivity between OT and IT systems. This level of interconnectivity allows business critical operations to run smoothly by enabling real-time analysis of data and processes.
However, this convergence of OT and IT has expanded the attack surface and opened new inroads for sophisticated cyber-attacks and insider threats. For this reason, it is essential for manufacturers to adequately protect their critical business operations, which if disrupted can lead to significant financial losses and reputational damage.
By deploying appliances in both the control system and the business network, Darktrace Industrial provides a single point of analysis, allowing security personnel to centrally monitor all network activity, from ongoing regular PLC traffic, to distributed IIoT sensor grids. Darktrace Industrial defends some of the most complex manufacturing environments around the world, including FMCG giants and leading pharmaceutical, chemical, and automotive companies.
The transport industry is undergoing a transformation of unprecedented scale fueled by the accelerated adoption of new technologies, from IoT to AI. From smart train tracking to monitoring for emerging weather risks to automating signaling infrastructures, these technologies have streamlined processes and increased efficiency, while also offering invaluable insights. Meanwhile, customer-facing technology, such as ePassport gates, ticket machines, and Wi-Fi networks, has significantly enhanced passenger experience.
As technology becomes increasingly decentralized and autonomous, the challenge of securing the transport industry’s distributed infrastructures against cyber-threats whilst maintaining a high level of service grows. The risks of disruption to physical assets, interruption of services, and data theft have never been greater. Yet traditional tools come ill-prepared for fending off novel and sophisticated threats, which frequently slip into networks undetected.
Darktrace Industrial defends some of the world’s most complex transportation environments, including leading organizations in the rail, aviation, and automotive sectors. Irrespective of whether the threat is posed by a malicious insider, a nation-state, or an organized group targeting OT environments, the Industrial Immune System enables transportation organizations to regain the advantage over fast-moving and silent cyber-threats.
Modern maritime networks are a mix of OT and IT environments, containing a wide range of systems from crew and passenger internet services, to ship automation, cargo handling and navigation systems. The digital era has created new opportunities for maritime, changing the way all aspects of the industry operate, be it ship traffic control in some of the busiest straits of the world, or automated shipyard inventories.
Whilst hugely beneficial for an industry so dependent on order and efficiency, the growing reliance on innovative tools has opened up new vulnerabilities for maritime. Substantial security weaknesses have been reported in critical technologies used for navigation and much of the industry continues to rely on legacy systems and aging operational technology.
For an industry which carries 95% of our trade, the results of a cyber-attack could be devastating. A breach in the maritime industry could lead to criminal activity such as theft or piracy, physical harm to people, cargos, and vessels, or the loss of commercial and personal data.
Darktrace Industrial can protect both shore-based port infrastructure and shipping fleets. By using either physical or virtual monitoring of individual ships, entire fleets can be visualized and defended from the mainland. Darktrace probes can relay telemetry over low-bandwidth satellite uplinks to provide real-time visibility and investigation – key capabilities for securing the maritime industry.
Smart City Infrastructure
An integral part of smart cities is the constant exchange of data through an immense network of internet-connected objects and services. From smart energy and smart grids, to IoT-enabled fleets and devices, city infrastructures are continually collecting and analyzing data in order to proactively govern and make better use of resources.
With such a vast array of devices communicating constantly and connecting and disconnecting to and from different networks, the challenge of keeping the network secure is monumental. One weak link or compromised endpoint could lead to a serious breakdown in functionality and efficiency.
As a result of this increasing digitization, municipal authorities now have to take responsibility for maintaining and protecting a wide range of IoT and OT devices. Whether from the cloud or locally, Darktrace Industrial can monitor the communications from edge devices to provide real-time visualization and protection for smart city infrastructure. Darktrace Industrial can build behavioral models for all forms of IoT devices, regardless of protocol or vendor to understand normal behavior of millions of disparate endpoints.
Established in 1996, ZPower is a leading manufacturer of rechargeable, silver-zinc microbatteries. Faced with an unfamiliar and fast-evolving threat landscape that includes subtle attacks, insider threats, and ransomware, ZPower’s IT team sought to develop a robust security stack that could help mitigate these risks.
Established in 1963, BH Global Corporation Ltd is a Singapore SGX mainboard listed group providing supply chain management, design and manufacturing and engineering services to the marine and offshore and oil and gas industries. BH Global also has a security division that provides Enterprise IT security services, night vision security, and infrared health screening. A leader in each of its sectors of business, BH Global provides integrated and advanced solutions collectively across multiple industries.
MACOM decided to deploy Darktrace’s award-winning technology across its complex system, due to its unique capability to detect emerging abnormal behaviors and threats as they occur, without requiring any a priori knowledge. Darktrace is powered by machine learning and probabilistic mathematics from the University of Cambridge, which enables it to establish a ‘pattern of life’ specific to MACOM’s network, allowing it to report any deviations from ‘normal’ behavior, which may be indicative of a serious breach. In this way, MACOM is kept up-to-date about its network activity and informed of incidents in real time.
This industry-leading furniture manufacturer was keen to defend its critical data assets from any potential compromise to its intellectual property and designs, confidential corporate information or customer data. Furthermore, the company was increasingly aware of the limitations of perimeter defenses and legacy approaches, which are unable to detect insider threat.
Saniflo is a French-owned subsidiary of leading global manufacturer the SFA Group, selling plumbing technology for residential and commercial premises. Eager to maintain its reputation for technical expertise and quality of service, Saniflo was looking for a cyber security solution capable of keeping up with a constantly-evolving cyber threat landscape, which could also provide full network visibility.
Founded in 1917, Sunsweet is the world’s largest manufacturer of dried fruit, controlling more than a third of the global prune market. In order to help secure the sensitive data of nearly 300 grower-members, Sunsweet deployed Darktrace to detect emerging threats in real time. By relying on the latest advancements in unsupervised machine learning and artificial intelligence, it has increased productivity while enjoying greater confidence in its ability to stay abreast of a threat landscape that is increasingly characterized by speed, sophistication, and automation.
In an effort to protect its intellectual property and sensitive customer, employee, and partner information, Aqua-Leisure deployed Darktrace’s innovative self-learning technology to detect emerging cyber-threats, in real time, without any prior assumptions of known ‘bad’. Because Darktrace’s technology is constantly evolving its understanding of ‘normal’, it grows and adapts as the company expands. With Darktrace, Aqua-Leisure can remain proactive in the face of a threat landscape characterized by machine-speed, sophisticated attacks.
H&M International Transportation
H&M manages over 1.5 million containers per year and provides a host of services to support and facilitate effective supply chain management, including steamship lines, intermodal trucking, and warehousing and distribution. The company’s attack surface was rapidly multiplying as its operations expanded, and having positioned itself as an early champion of increased integration in the industry, taking a proactive approach to cyber security was of paramount business importance.
Transport systems are becoming increasingly interconnected via digital applications, making them more susceptible to cyber-attacks. FirstGroup was aware that new attack vectors meant that its critical systems and networks were vulnerable to new and evolving cyber-threats from all over the world, and decided to deploy Darktrace’s technology into the core of its network, in order to enhance its ability to defend itself against potential damaging cyber incidents.
Milan-Bergamo Orio al Serio International Airport
The digitization of airport practices creates potential vulnerabilities and possible entry-points for cyber adversaries. This is a pressing concern for Orio al Serio International Airport which, as part of Italy’s critical national infrastructure, is already a likely target for malicious attacks. As such, the airport was keen to strengthen its cyber defense strategy with the latest, most innovative cyber technology available. After deploying Darktrace’s immune system technology, Orio al Serio International Airport is now alerted in real time to genuinely anomalous behavior that may be indicative of cyber-threat.
A Dubai-based logistics provider to the oil industry, Tristar needed a cyber defense solution which was able to scale and adapt to their fast-growing business. Darktrace Antigena gives Tristar the threat detection and autonomous response capacities to protect its sensitive customer data and operational systems. Darktrace also provides the visibility needed to maintain Tristar's hybrid digital infrastructure.
The stakes of cyber-threats in this sector are high given the possible implications on the integrity of national critical infrastructure. As a large company with an extensive customer base, spanning several global locations, Apave has many users on its network at all times. Given the limitations of traditional legacy tools in detecting potential insider threat, the company wanted to focus less on perimeter defense and more on the activity inside its network.
This leading Canadian local distribution company was concerned about fast-moving and automated threats, like ransomware, that have the potential to compromise its network within minutes. By arming itself with Darktrace’s innovative self-learning technology, Energy+ has renewed confidence in its security stack’s ability to detect and mitigate evolving and increasingly automated attacks.