With a broad attack surface driven by an extensive IoT environment, limited security resources, and the potential for disruptions to critical physical infrastructure, DTC Communications faced a complex set of challenges in securing its large network infrastructure.  

Large attack surface with IoT

DTC Communications has an extensive IoT infrastructure of embedded systems, including blades, cards, and other specialized telecom hardware. While protecting these assets is critical, the company can’t simply install software agents on these systems because many lack the capability for conventional security tools.

Limited resources and a decentralized business  

The company operates 24/7, year-round to support broadband and connectivity needs, but doesn’t have a full SOC to watch its network at all times. It also needed a solution that wouldn’t require manual installation and configuration of security software on every endpoint.

Threats to physical infrastructure

Telecommunications networks frequently experience Denial-of-Service (DoS) attacks, which can target specific equipment and disrupt operations. Restoring systems after such an event isn’t as simple as pushing a software update.  

“If something goes wrong, our teams have to travel long distances to physically access and repair the equipment,” said Edward Massey, Department Head – Network Engineering, Telecommunications, and IT.  

As the company evaluated several solutions, Massey wanted to see its response times with his own eyes. Other vendors offered only high-level demos or required manual software installations. Darktrace stood out by providing the team with an appliance to run and test in the company’s own environment.  

“This hands-on experience made a big difference because we could see the tangible security benefits,” Massey said.  

Today, DTC Communications relies on the Darktrace ActiveAI Security Platform, including

• Darktrace / NETWORK
• Darktrace / EMAIL
• Darktrace / IDENTITY
• Darktrace’s Managed Services
• Darktrace Cyber AI Analyst  

Self-Learning AI: A “game changer”

During testing, Massey saw the value of Darktrace’s Self-Learning AI as it learned the environment, established a baseline, and identified deviations in real time.  

“Anomalies that seemed harmless to us were immediately flagged. Darktrace’s AI responded to those in real time, stopping incidents to give us time to investigate before they spread laterally or caused real damage. It’s a true game changer,” said Massey.  

A comprehensive platform approach

The Darktrace platform provides holistic coverage across the entire cyber and physical infrastructure and extends visibility into devices that were previously outside its reach.  

“Darktrace could integrate with our existing security stack, giving us visibility of threats across our entire network, including IoT and other embedded systems,” said Massey.

Within a short period, DTC Communications saw immediate security improvements with Darktrace:

• It would take an entire SOC staffed by a team of analysts to achieve the same level of coverage Darktrace is providing.
• Automated investigations:  
• Darktrace Cyber AI Analyst conducted a total of 1,356 total investigations within three months, resolving 1,227 of those autonomously and escalating only 129 to analysts.
• Darktrace Autonomous Response neutralized incidents in an average of 12 minutes 58 seconds  
• Cyber AI Analyst averaged a 4 minute 41second investigation time per incident
• Darktrace controlled 3,092 behaviors indicative of an attack
• Security team efficiency: In just 13 days, Cyber AI Analyst:
• Saved 72 analyst hours on investigations
• Saved $2,520 in analyst resources
• Reduced the team’s average investigation time by 3 hours 26 minutes

A unified security platform: Centralized threat management

Instead of managing thousands of alerts from multiple tools, DTC Communications now has a centralized dashboard that presents information in a clear, actionable way.  

“One of the biggest advantages of Darktrace is its ability to integrate with a range of technologies and provide a unified view of our security data within a single pane of glass,” said Massey. “With this integration and automation, we can proactively manage our security posture instead of constantly playing catch-up.”

Identity-based threat insights

Darktrace provides critical insights into potential breaches, especially identity-based attacks. When Massey’s team noticed unusual network activity last year, his team hesitated to overreact. But Darktrace's persistent alerts indicated something was truly wrong, which turned out to be the case.  

“We were able to quickly make informed containment decisions. Meanwhile, Darktrace was already taking proactive action, preventing further escalation as we investigated,” said Massey.

Autonomous threat investigation and response

Automation has transformed the company’s approach to cybersecurity.

“Darktrace handles multiple incidents simultaneously, alerting us only to the critical few while autonomously managing the rest,” said Massey. The platform prioritizes threats, allowing the team to focus on what matters – “turning a potential crisis into more of an inconvenience.”  

Email security: Proactively detecting hidden threats

Before Darktrace, the organization relied on native email filtering as its first line of defense.  

“We learned the hard way that advanced phishing attempts could still slip through,” said Massey. In one case, a seemingly legitimate email passed initial security checks, but Darktrace detected unusual domain activity, “allowing us to intervene before the attack escalated.”

Efficiency gains and time savings: A better use of analyst time

Darktrace automates far more investigations than DTC Communications could handle manually.  

“This efficiency is a key point in board meetings because it offsets the need for additional headcount,” said Massey. “With a team of just nine people managing tens of thousands of devices, we would need an entire SOC staffed by a team of analysts to achieve the same level of coverage we have with Darktrace.”  

Managed services: 24/7 security coverage

Recently, DTC Communications added Darktrace’s services to ensure constant monitoring—even when the team is off-duty or focused on other projects.  

“With this added support, the system takes action automatically, and the managed services team can escalate threats as needed,” Massey said.  

Modernizing with confidence

In the coming year, DTC Communications plans to bolster its datacenter security while upgrading aging infrastructure. As it introduces new technology, “Darktrace will ensure security remains a priority as we modernize,” said Massey.  

The company is exploring an expanded partnership with Darktrace, focusing on endpoint protection to secure, monitor, and assess all connected devices. Additionally, it is evaluating Darktrace’s Managed Detection and Response (MDR) solution for, “an added layer of expert support to enhance our response strategy and help us make smarter, more strategic cybersecurity decisions.”  

‍

* Metrics are based on DTC Communications business data and sourced from its monthly Cyber AI Insights reporting