Tokai Kyowa Co., Ltd.
Tokai Kyowa Co., Ltd. delivers integrated logistics solutions, offering international and domestic transport, port services, container storage, and cargo management with hands-on e
Facing emerging threats and the limits of perimeter security
Founded in 1949, Tokai Kyowa has long supported Japan’s trade operations from its base at the Port of Nagoya, one of the country’s major logistics hubs. With partner companies across Japan and around the world, the company specializes in integrated sea and land transportation, overseeing the entire logistics process from cargo acceptance through final delivery.
To keep logistics operations running smoothly, Tokai Kyowa routinely allowed business partners to remotely access its operational systems, and network communications outside normal business hours were common across employee workstations. This level of connectivity was essential to day-to-day operations, but it also expanded the company’s digital exposure.
In September 2022, a large-scale cyber incident targeted websites associated with the Port of Nagoya, reportedly carried out by an international hacking group. Around the same time, one of Tokai Kyowa’s business partners fell victim to a separate ransomware attack. Although Tokai Kyowa itself did not suffer direct damage, the message was clear. Cyber threats were no longer distant possibilities; they were happening close at hand.
At the time, the company relied on traditional perimeter-based defenses. Endpoint security software was installed on individual PCs, supported by a UTM platform at the network edge. These tools were effective against known threats but relied heavily on rules and signatures. They struggled to keep pace with unknown attacks, were complex to maintain, and offered little visibility into insider misuse or subtle anomalies.
Manual endpoint deployment added another layer of risk. If even a few machines were misconfigured or missed, they could become weak points for attackers.
Tokai Kyowa began looking for a different approach. The goal was clear. Detect unexpected anomalies early, inside and outside the network, without disrupting existing systems or daily operations.
This search led the company to Darktrace and its security platform.
Based on this evaluation, Tokai Kyowa launched a proof-of-value (*) program covering approximately 300 workstations used by all employees.
(*) Proof of Value: a four-week pre-deployment evaluation.
Real-time visibility and autonomous threat containment
For its evaluation, Tokai Kyowa focused on Darktrace / NETWORK™. The platform collects network communication data across the environment and applies Darktrace’s proprietary Self-Learning AI to continuously analyze it. By establishing a baseline of normal behavior, it can quickly identify anomalous activity that deviates from that baseline. When unusual activity reaches a critical level, it can be automatically contained, with incidents documented in Japanese for the security team.
Just as important was how easily the technology fit into existing operations. Deployment required no major changes to the network, allowing Tokai Kyowa to begin monitoring quickly without disrupting day-to-day logistics work. The same visibility could later be extended beyond the core network to cloud services and other connected environments.
The real turning point came during the proof-of-value period. Each week, Tokai Kyowa’s security team reviewed Threat Intelligence Reports provided by Darktrace’s cyber analysts. What they saw was sobering. Employee workstations were communicating with unfamiliar overseas domains. Some traffic with international partners was unencrypted. In other cases, users accessed suspicious websites that appeared to be legitimate e-commerce services. None of this activity had been flagged by the company’s existing perimeter-based tools.
Through this process, Tokai Kyowa gained a clear understanding of the platform’s value.
Stopping Unknown Threats with a Lean Team
Because Tokai Kyowa frequently exchanges communications with overseas partners as part of its daily operations, the company needed fine-grained control over how and when network traffic would be blocked. Using Darktrace’s autonomous response capability, Tokai Kyowa configured response modes based on day of the week, time of day, and severity level. Through a dedicated mobile application and management dashboard, responses can be either manually approved or fully automated, allowing the AI to precisely and autonomously block only those anomalies that meet predefined conditions. In practice, any communication with an anomaly score exceeding 80 percent is automatically contained, regardless of the time or day.
In parallel, Tokai Kyowa also leverages Managed Threat Detection (MTD), a SOC service delivered by Darktrace’s cyber analysts and certified partners. In addition to continuous monitoring, the Darktrace Analyst team proactively surfaces alerts by investigating the most serious activity, producing clear incident reports, and directly drawing Tokai Kyowa’s attention to issues at the earliest possible stage. Through these SOC-generated insights, Tokai Kyowa receives root cause context and recommended remediation steps.
Before adopting Darktrace, Tokai Kyowa relied solely on perimeter-based defenses, leaving its two security staff members to investigate and respond to issues only after anomalies had been discovered manually. Since deployment, the company has gained real-time visibility into threats and irregular activity inside the network, enabling early detection of potential incidents.
Beyond the reassurance that AI is continuously monitoring for abnormal behavior without gaps, the combination of MTD and autonomous response has fundamentally changed how the team operates. Even without constantly watching the Threat Visualizer dashboard, Tokai Kyowa can maintain a security posture with no response blind spots, achieving a genuinely resilient defense model with a minimal number of personnel.












