Evolving security risks driven by remote work and increasingly diverse cyber attacks

As the pandemic escalated in 2020, Broadmedia moved quickly to introduce remote work for all employees. As part of this shift, the company retired its traditional on-premises VPN and migrated many internal IT resources to the cloud. Broadmedia began working toward a zero trust model that would require proper authentication and enforce least-privilege access for any device, user, and location, without relying on perimeter-based defenses.

At the same time, cyber attacks targeting enterprises were becoming more sophisticated, shifting from individuals acting for amusement to organized campaigns carried out by state-level groups. The risks continued to mount, including ransomware operators leaking stolen data, demanding payment, and inflicting long-term reputational damage. Concerns also grew around shadow IT, such as unauthorized personal devices quietly entering and operating within the corporate network.

Broadmedia is the authorized distributor in Japan for one of the world’s largest content delivery network providers. The company delivers Content Delivery Network (CDN) services that optimize content distribution and offers robust security services, supported by a large team of engineers who provide a range of technical solutions. This made it essential that any new security product be deployed with great care to avoid interfering with the tools required for CDN operations.

Against this backdrop, and with no dedicated cybersecurity team in place, Broadmedia needed a way to detect and contain anomalous behavior across both its on-premises and cloud environments, and to do so autonomously with minimal human intervention. It was in this search that the company discovered Darktrace. Its AI technology continuously learns normal communication patterns across internal and external traffic in real time, without disrupting day-to-day operations, and can contain emerging cyber threats before they escalate.

Continuous Visibility Across All Traffic and Autonomous Threat Detection and Containment by AI Operating Around the Clock

Darktrace’s products, typically delivered as integrated hardware and software appliances, do not rely on rules or signatures and require no advance configuration or ongoing maintenance. Instead, they use proprietary Self-Learning AI, which continuously models and visualizes the normal behavior and communication patterns of every user and device, regardless of the underlying digital infrastructure. This enables the technology to autonomously detect and contain cyber threats in real time whenever activity deviates from the learned baseline. The same AI also automates investigation, analysis, and Japanese-language reporting at high speed, based on the world’s first technology capable of performing these functions end to end.

Beyond on-premises IT networks, organizations can deploy virtual appliances, modules, and sensors to extend monitoring across cloud environments, SaaS applications, remote work devices, and IoT systems. The AI continuously analyzes packet data, examining factors such as communication destinations, timeframe, traffic volume, and frequency. By autonomously learning these characteristics for every user, device, and subnet, the system can immediately surface and visualize any unknown threat or insider risk that deviates from the baseline.

With Darktrace’s web-based 3D visualization tool Threat Visualizer, all packet activity flowing across the network is displayed centrally and in real time. Devices and users are represented as icons, and communication flows and detected alerts are color coded automatically based on objective deviation thresholds that indicate how far the activity strays from normal behavior. With Darktrace / NETWORKTM, Broadmedia adopted Darktrace’s Self-Learning AI, which autonomously sends reset packets to halt high-severity anomalous communications around the clock.

During the proof-of-value period*, the Threat Visualizer quickly surfaced several noteworthy events. On one laptop, an executable file was downloaded from a user agent and URL that had never been observed before. In another case, a departing employee’s workstation uploaded an unusually large volume of data to a cloud storage service. The first incident turned out to be related to an application automatically installing ad-supported components, and the second was part of a legitimate handover process. Although both were minor, neither alert was detected autonomously by the company’s existing UTM product. These cases demonstrated the advantage of Darktrace’s unsupervised learning approach, which can identify deviations at the earliest possible stage, even before they manifest as overt threats.

(*) Proof of Value: a four-week pre-deployment evaluation.

AI Extends Autonomous Monitoring to Every Remote Device and User

Broadmedia monitors approximately 1,800 laptops used by its roughly 500 employees, applying unified machine learning and visualization to all traffic flowing between its on-premises and cloud environments. To strengthen visibility over remote devices that do not pass through the on-premises VPN, the company also deployed Darktrace / ENDPOINTTM, a lightweight agent compatible with both Windows and macOS. This client sensor enables detailed monitoring of laptop activity wherever the devices are located.

Broadmedia further expanded its monitoring capabilities by deploying Darktrace / IDENTITYTM, a module that connects to major SaaS applications through APIs and collects audit logs to detect unusual logins and suspicious activity occurring in the cloud. The company added roughly 500 Microsoft 365 accounts to its monitoring scope, establishing an AI-driven capability that observes not only device behavior but also user behavior across the organization. Because Darktrace’s AI continuously learns the normal activity patterns of each employee, it can immediately identify deviations from typical behavior without any advance configuration, even in situations where access policies differ due to individual work styles or job functions.