City of Las Vegas
Darktrace ActiveAI Security Platform gives us confidence. We know we have an AI teammate that is continually learning how our entire ecosystem operates, strengthening our defenses and looking out for any abnormal activity.
Using AI to keep up with innovation
The City of Las Vegas is an internationally recognized brand, and as such, protecting its diverse and complex digital environment from cyber disruption is a top priority. As it gears up to host global sporting events, including major NFL and NHL games as well as its debut F1 Grand Prix, its cybersecurity leadership anticipates an uptick in malicious activity from those seeking to interfere with proceedings or gain financially.
Protecting the city’s digital assets is essential for ensuring these major events run smoothly and that the trust of Las Vegas’ citizens and visitors is maintained. The city’s Chief Innovation and Technology Officer, Michael Sherwood, has been a proponent of the use of Darktrace’s AI for nearly a decade. “Every cyber-attack is different,” he said,“and there will never be enough human staff to defend against the variety of threats in today’s landscape.”
The city needed a technology stack that could not only save its cybersecurity team human-hours in threat investigation and response, but go further, spotting the subtle signs of emerging cyber incidents while still in their early stages.
An evolving partnership
The City of Las Vegas was an early Darktrace customer, adopting Darktrace Real-Time Detection for instant visibility of cyber-attacks on its network. With an evolving understanding of the city’s unique digital infrastructure, the AI has unmasked significant threats that deviated from ‘normal’ network behavior – including novel threats that flew under the radar of traditional, signature-based tools.
Upon seeing remarkable results, the city expanded Darktrace’s coverage to its cloud infrastructure, email systems, and industrial networks. It also brought on additional capabilities such as Darktrace Autonomous Response, allowing for 24/7 protection from cyber disruption with targeted AI-powered containment of threats.
In 2022, the city deployed Darktrace / Proactive Exposure Management and / Attack Surface Management to proactively get ahead of threats, identifying potential weaknesses in its attack surface ahead of time and hardening defenses around critical assets and attack paths. The following year, the city added complete incident lifecycle protection with the adoption of Darktrace / Incident Readiness & Recovery, a tool to improve cyber preparedness and recovery post-incident.
Over time, Sherwood’s staff have embraced and developed a trust in the AI-driven technology that Darktrace provides, allowing the AI to take on the day-to-day tasks and giving his staff the freedom to spend time on more strategic, higher-level work.
Being ready and recovering with Darktrace
The City of Las Vegas uses / Incident Readiness & Recovery to get real-time awareness of its readiness for a cyber-attack – using Darktrace AI’s understanding of its systems to know how prepared its people and the rest of its technology stack is for an incident. Sherwood explained that “with / Incident Readiness & Recovery as part of our portfolio, we can simulate cyber incidents, which helps us practice and prepare, bringing our team to a higher level before an attack happens.”
Prior to installing / Incident Readiness & Recovery, the City of Las Vegas relied on a combination of tabletop exercises, and static playbooks for incident management. Now, in the face of an emerging incident, / Incident Readiness & Recovery creates bespoke, AI-generated playbooks to allow the security team to respond based on precise incident details – rather than a one-size-fits-all static playbook that can’t adapt to the exact real-world scenario.
Equipped with / Incident Readiness & Recovery, the IT staff can get back into “recovery mode” quicker once an attack takes place. Sherwood stated that “the AI helps us understand the event and brings our systems back online, reducing disturbance to our business operations.” / Incident Readiness & Recovery provides Sherwood’s staff with automated readiness analysis, incident simulations, and incident reports. It also provides the team with a secure, centralized communications channel, and automatically generated detailed, timelined reports noting every action (manual or automated) taken during a cyber incident – which has significant time saving potential, particularly for compliance and audit purposes.
Crucially, / Incident Readiness & Recovery takes information from and feeds back into the rest of Darktrace’s capabilities: / Proactive Exposure Management, Real-Time Detection, and Autonomous Response. These tools across the platform all feed into each other, autonomously, to systematically improve the city’s overall cyber resilience.
“Having Darktrace with us at every stage of an incident lifecycle is so important,” Sherwood said. “Having AI that knows the nuances of our digital environment helps us ward off cyber disruption and keep the city in operation.”