Telenor IoT
Traditional security tools cannot accomplish what we do now with Darktrace.
Leveraging AI to make sense of cybersecurity data
As a worldwide communications provider, Telenor IoT is familiar with big data, and managing its cybersecurity is no exception. Telenor IoT turned to Darktrace to monitor its cloud environment and cut through the noise to help the security team stay informed on critical incidents.
Darktrace’s Self-Learning AI can be brought anywhere a company has data, and immediately starts to learn normal device connections, user behaviors, and patterns. With this understanding, Darktrace can identify abnormal activity that indicates a cyber-attack. Cyber AI Analyst then investigates these anomalies, connecting the dots between individual events to reveal whether they are part of an overall security incident, before using Explainable AI to generate digestible reports for the security team.
“The AI approach is the number one reason for choosing this software,” said Mattias Rundén, Business Security Officer at Telenor IoT. “It helps us to find areas of interest and to get a first view of incidents. Darktrace not only finds the problem, but also provides a possible resolution, or background info for follow-up, helping us to reduce our response time.”
Darktrace is dynamic, scalable, and unbiased. It continuously evolves with the company’s digital environment. It filters out billions of data points at machine speed. Since it does not rely on human-inputted rules and signatures, it can discover potential threats the security team doesn’t know to look for.
“We see Darktrace as a very good tool and complement to our security work,” said Martin Whitlock, CTO at Telenor IoT. “When it comes to the actual monitoring of your real-time IT environment, adding AI-driven technology helps, and might even be the best and only way to do some things.”
Securing cloud environments and their integrations
Telenor IoT was an early adopter of cloud technology, and has long had a cloud-first approach, using AWS with EC2, CloudTrail, and Kubernetes.
The IT team deployed Darktrace / CLOUD to monitor its full cloud environment. Darktrace / CLOUD extracts raw data directly from cloud connections, such as the source port, destination port, application protocol, and SMB version. AI models analyze the data to look for suspicious read:write ratios, unusual connections for the device, potential network scanning, and more. Darktrace then communicates its findings to the security team with easily understood alerts, reducing the team’s time-to-meaning.
“That’s one of the reasons we looked in Darktrace’s direction,” Whitlock said. “The AI has the ability to make observations and take positions through analytics of data, with a pace and rate that I don’t believe any human can expect to do. It really makes a difference.”
Darktrace is certified by an AWS Foundational Technical Review and was granted a “Well-Architected” badge, recognizing the software to be secure, reliable, and cost-optimized. Darktrace’s cloud-native capabilities and serverless architecture allow automatic deployment and scaling to cover all cloud workloads and traffic.
“Traditional security tools cannot accomplish what we do now with Darktrace. As long-time cloud users, having this tool to safeguard what we do on a daily basis is very valuable for us,” Rundén said.
Darktrace / CLOUD supports all of Telenor IoT’s cloud integrations. For example, it uses specialized sensors for an environment containerized by Kubernetes, and it monitors internal management and data events using HTTP requests for log files generated by AWS CloudTrail.
Keeping supply chains safe with Darktrace
Since Telenor IoT’s solutions interact directly with its customers’ business-critical applications, it prioritizes cybersecurity to avoid acting as a vector for supply chain attacks.
“Whatever we do on our backend side, if that fails, it will impact our customer facing services as well. We need to do our part, and that is staying secure,” Whitlock said.
Darktrace integrates with Telenor IoT’s other tools to strengthen the overall security posture. The security team logs into Darktrace daily to review all findings and check if any anomalies require follow-up. For example, the team most commonly sees Darktrace detect users logging in from unusual locations, which may indicate that an account’s credentials were compromised through a social engineering attack or info-stealing software.
“Darktrace really does what it’s supposed to do. There is proof that it really works as intended,” Rundén said.