Protecting the endpoint with Self-Learning AI: A customer perspective
The National Farmers' Union (NFU) is the largest farmers’ organization in England and Wales, representing more than 46,000 farming businesses and over 80,000 members. We champion farmers across the country and represent them in Europe, negotiating with governments and other organizations from our Brussels office.
Despite the wide scope of our operations, our IT team consists of only 15 individuals. Because of this, we began looking for a security solution which could bolster our small team and its capacity to monitor our organization without complicating our security efforts.
Revealing NFU’s Environment with AI
We were satisfied that our firewalls and other older security tools were doing all that they could to protect our perimeter security. These tools could be working perfectly, but we would still lack the ability to know whether attacks were unfolding under the radar within our network. In other words, we needed visibility when there were already hackers inside.
Even with the best perimeter protection we could buy, this remained a blind spot, and the numerous high-profile stories in the news regarding successful ransomware attacks over the last few years left the team increasingly on edge.
We also knew that attackers weren’t just probing in one area – we needed coverage over our entire digital estate, including our endpoint devices and Microsoft 365 activity. These were the areas that were the most difficult to get visibility over, but also the newest parts of our digital estate and the most vulnerable to attacks.
When we were introduced to Darktrace, we quickly saw its potential: the visibility it gave us across our digital estate was unparalleled, and its Autonomous Response technology was something we knew could be a huge benefit for NFU.
Previously, we’d lost hours sifting through data in an attempt to respond to attacks, and that’s only after dealing with numerous emails and false positives from our old security solutions. Once Darktrace was implemented, it covered everything, allowing us to view our entire organization from a single platform, and it dealt with threats 24/7 without requiring any input from us.
Taking action on a pre-infected endpoint
NFU’s adoption of hybrid working brought the importance of endpoint security to the forefront of our team’s minds. The dispersion of company devices across the country made it harder than ever for the team to monitor logs with their existing manpower, and we were constantly worried that an employee at home – whether or not they were connected to the company VPN – might inadvertently open us up to an attack like ransomware.
Because it bases its detection on an understanding of the digital estate’s ‘normal’ behaviors, we hadn’t expected that Darktrace would be able to spot threats in pre-infected environments. As soon as we deployed Darktrace/Endpoint, however, it spotted a user trying to make root-level changes to one of our servers from a company laptop without permission, and immediately blocked the activity while allowing the user to continue legitimate business operations. Its ability to differentiate between benign and risky activity was impressive.
A straightforward threat summary delivered to our security team allowed us to understand the situation quickly and easily. Seeing this technology not only spotting dangerous activity, but quickly taking the necessary steps to stop it and strengthen our security posture in its wake, has really given us that extra peace of mind.
Enhancing existing tools with AI
Adding something to your security stack can often mean taking one step forward and two steps back, as incorporating a new solution can undermine the effectiveness of an existing one. Creating two VPNs is one example: while it seems like it might provide greater security, the two networks often disrupt one another and only make protection more difficult.
Darktrace, however, augments existing endpoint solutions, utilizing the data they gather in its investigations. By implementing the technology, we weren’t replacing our existing security tools but enhancing them. The way we see it, the greater the depth and breadth of information we feed into Darktrace’s AI, the greater its understanding and the better its decision-making; ultimately, the better it can protect our organization.
In addition to our endpoint devices, Darktrace now works across our Microsoft 365 environments and the network. It uses data from all three areas to draw conclusions about emerging threats and can take action against attacks wherever and whenever they emerge in the digital environment. Knowing this allows us to finally feel confident in our security posture, and to focus our efforts on the rest of our business operations.