M&S Logistics

M&S Logistics is a global provider of bulk liquid transportation solutions for the chemical and food industries. Managing a global fleet of more than 10,000 tank containers adds extraordinary layers of operational, safety, and regulatory complexity – making data protection a high priority.

Information is as critical as infrastructure for the company. Shipment schedules, route data, customer contracts, and compliance records are core assets – and prime targets for attackers.  “Our most valuable asset is our data,” said Pip Robbins, International IT Manager at M&S Logistics. “If we lost our data or it was encrypted through ransomware we’d be out of business. Reputational integrity is paramount. We’re the third largest company in the world that does what we do – our customers trust us, and we can’t afford to lose that.”

In 2022, M&S Logistics took a proactive approach to cyber resilience, investing in AI. The company adopted the Darktrace ActiveAI Security Platform for autonomous threat detection and response to safeguard its distributed operations.

Because the security operations center (SOC) was used to the constant barrage of alerts, Pip admits it took time to trust Darktrace’s autonomous capabilities, describing the quiet as unsettling compared to the usual overload of noise and tedious work. “I thought to myself, ‘It can’t be this simple. Nothing’s this simple. Is this silence normal? Is this really working?’”

But Pip quickly realized Darktrace was simply doing its job – autonomously conducting 11,529 investigations within one year, detecting and containing 6,332 potential incidents, resolving 99% of those incidents, and only elevating the most critical ones (1%) to human analysts to investigate.

Today, Darktrace is delivering 24/7 protection for M&S Logistics, reducing false alerts, and multiplying the impact of the security team without adding headcount. “We were no longer buried in noise because Darktrace is managing the majority of alerts for us, surfacing only about 1% of incidents for our team to further investigate.”

Based on its success with Darktrace, M&S Logistics was eager to participate in Darktrace’s latest innovations across the platform. “We like to be at the forefront of technology. That’s why we chose Darktrace in the first place,” Pip said. “Typically, I’m very cautious with updates. But I’m a massive fan and advocate of Darktrace and was eager to get an early look at what Darktrace was doing. I’m so incredibly confident in Darktrace and the team behind it that I had no hesitation joining the program.”

Darktrace is advancing security with new innovations to the ActiveAI Security Platform by closing the gaps that attackers exploit between IT domains. M&S Logistics is working closely with the Darktrace product and engineering teams to explore the latest advancements in agentic AI, including:

• Label-free data loss prevention (DLP)
• Microsoft Defender and Security Copilot integration, and
• Advanced network and endpoint telemetry.

M&S Logistics’ feedback is instrumental in helping shape future innovations for the logistics and supply chain sector.

No more chasing labels: Dynamic data protection

Prior to using Darktrace , the company’s legacy data loss prevention (DLP) tools repeatedly triggered on the same benign activity, wasting hours of analysts’ time. M&S Logistics was among the first to experience Darktrace’s label-free, AI-driven data protection, leveraging behavioral AI to detect Personally Identifiable Information (PII) and sensitive data across 35+ categories in real time.

Where traditional DLP solutions are dictated by a series of rigid policies that depend on generalized rules or labelled data, Darktrace label-free behavioral DLP solution can detect sensitive data types and provide in-time user response – a crucial component of an organization’s data security strategy.  

The capability has been transformative for M&S Logistics, especially for the global business that spans 23 offices in different time zones with diverse compliance requirements. Where traditional tools required analysts to export firewall data to spreadsheets and scroll through rows and rows of names, Darktrace groups behaviors together intelligently, without labels.

“With Darktrace we’re not chasing labels, we’re protecting data dynamically,” said Pip. “Once an event is confirmed benign, Darktrace suppresses similar alerts in the future. Over time, I get fewer false positives because the AI recognizes the patterns – it’s so clever. Lessons learned in one office can be applied globally, so we’re always a step ahead. That’s what I love about it. It’s a huge advantage and a game changer for compliance and trust.”

Unifying telemetry, context, and AI decision-making

Today’s attackers are exploiting the gaps between email, network, endpoint, cloud, and OT environments, making investigations into incidents highly complex. Pip said it used to take an analyst – using numerous tools – hours to piece together evidence across domains. “It was copy, paste, repeat – tedious work that drained productivity from our day.”

The newest release has streamlined the detection and investigative power of Darktrace by delivering the industry’s only mixed Network and Endpoint eXtended Telemetry agent (NEXT). The enhancement provides multi-domain detection by natively combining network monitoring with endpoint process telemetry, complementing existing EDR solutions. This enables Darktrace to identify known and novel threats that existing solutions miss and extends sophisticated agentic AI across all major security domains to automate triage and investigation.

Pip says Darktrace automatically flags suspicious incidents across all the company’s domains and provides analysts with the information they need – presented in context, within minutes – from the inbox to network packets to endpoint processes. If clean, analysts can click once to ‘ignore for all users’ and move on. Pip says this ability alone saves them hours a day.

Seamless operations: New Darktrace ActiveAI Security Portal

To break down silos across the cyber defense lifecycle, Darktrace introduced the new Darktrace ActiveAI Security Portal for managing security at scale across diverse environments. The enhancement ensures that visibility, control, and scalability extend beyond detection and response and into how teams manage and interact with the platform.

“I love the new Darktrace’s interface; it’s so beautiful. The portal is incredibly easy to use while giving us holistic visibility across all our environments. I can see everything I need in one place. It’s always open on my screen – it’s the first thing I open after email, and it stays open all day, every day. That’s how much I love it.”

Proactive SOC security, powered by Microsoft-native integrations

Darktrace  delivers the industry-first Microsoft-native integrations. The enhancement streamlines SOC workflows with unified quarantine in Microsoft Defender and instant threat insights in Security Copilot, consolidating views and accelerating investigations.

“The integrated automation between Darktrace and Microsoft have eliminated console-hopping and fragmented workflows,” said Pip. “We’ve transformed our SOC into a proactive defense force, without adding new tools or headcount. It’s protecting the lifeblood of our business – our data, especially against risky behaviors we might otherwise miss.”

For example:

• To avoid lugging her heavy laptop to onsite client meetings, one employee was caught emailing confidential data to her personal email so she could access it on her iPad.
• An employee in finance was caught sending spreadsheets to a personal email address so he could work on them over the weekend.

Although neither incident was malicious in nature, the risky behaviors had the potential to expose the company to significant risk. “Darktrace helped us catch those issues immediately, fix them, and raise awareness across the business with employees and managers.”

Reinvesting time on priorities and skill building

Pip says he and his team are no longer overwhelmed by false alerts or daunted by a lack of visibility. “I can truthfully and sincerely say I love my job,” said Pip. “I don’t lie awake at night worrying if we’ll lose our data. We’ve got the right tools in place, which means I can focus on my real job as an IT manager.”

Within a single month, the SOC saved 304 analyst hours on investigations using Darktrace. Pip recently led a full SharePoint rollout and launched a company-wide cyber awareness training program – initiatives he never could have tackled without the efficiency gains from Darktrace. And one analyst told Pip he was “absolutely blown away” by Darktrace and is genuinely excited about focusing his energy and skills on proactive defense instead of manual drudgery.

Pip doesn’t hold back when it comes to his fondness for Darktrace among industry peers. “We all talk in the industry about who has what, and I push Darktrace every time. It’s genuinely changed how we work and how we think about security.” Drawing on his experience with the newest Self-Learning AI capabilities, he’s confident that Darktrace will remain pivotal to M&S Logistics’ cybersecurity strategy.

“Darktrace is absolutely vital to where we’re heading as a company. With protection and peace of mind in place, we can focus our energy on what matters most – growing the business and delivering excellence to our customers.”