Copperbelt Energy Corporation
At a glance:
Security team now proactive instead of reactive to threats
24/7 AI Autonomous Response
Major vulnerabilities detected and remediated with Cyber AI
Accessible user interface for executive review
As a leading player in the energy and utilities space, the main concern for the Copperbelt Energy Corporation Plc was safeguarding its complex OT infrastructure. Increasingly connected with general information networks, its operating machinery had become vulnerable to new vectors of attack.
Whether indirectly compromised through disruption to the corporate network, or targeted by an ICS-specific attack, any disruption to the company's SCADA network would have resulted in significant financial and reputational loss.
Complicating this task was the overwhelming amount of digital information Copperbelt Energy Corporation Plc's small team of security analysts faced on a daily basis. Scouring through hundreds of alerts was a time-consuming, laborious process. "We were very reactive to potential threats to the business, and that reactiveness was extremely slow," explained Choolwe Nalubamba, Head of Telecommunications and Information Systems.
After a 30-day Proof-of-Value, Copperbelt Energy Corporation Plc deployed both the Industrial Immune System and Darktrace Antigena to cover its OT and IT systems.
Like a human immune system, Darktrace's core technology uses Self-Learning AI to learn what's normal for its environment, analyzing patterns in behavior for every user, device, and controller. From this baseline, it identifies abnormal activity indicative of a threat or vulnerability as it emerges.
Beyond simply raising an alert to the security team, Darktrace Antigena then takes action to respond autonomously, neutralizing malicious activity within seconds of the threat being identified. Notifications of Antigena's actions are delivered via the Darktrace Threat Visualizer and the Darktrace Mobile App, so the security team now receives alerts as soon as an incident takes place.
"Darktrace does all the analysis and remediation for us in real time, and we are able to receive notifications of certain events wherever we are", commented Nalubamba.
The value of the technology was instantly recognized, both for its ability to identify novel threats and vulnerabilities and for its role as a force multiplier, augmenting the capabilities of the existing security professionals. The team has gone from being reactive to proactive, taking necessary action before an incident can escalate into a crisis.
"Darktrace is always alive, looking at traffic across the entire digital estate; something that you would otherwise need several analysts to do", explained Nalubamba.
The security team has also benefited from increased visibility of its OT network, including complete oversight of the connections between its IT and OT systems. Darktrace shines a light into every corner of the network, displaying Copperbelt's OT, IT, and IoT in a unified view.
Security Flaw Detected
Early in its deployment, Darktrace's AI identified that the controller responsible for Copperbelt's gas turbines was originally managed remotely from a single internet-connected laptop. This represented a significant security risk of which the SOC was previously unaware. The Industrial Immune System highlighted the vulnerability and Darktrace Antigena autonomously responded by isolating the laptop before any damage could be done.