Property giant RioCan defends huge development in downtown Toronto with Darktrace AI

Property giant RioCan defends huge development in downtown Toronto with Darktrace AI

Darktrace, a global leader in cybersecurity Artificial Intelligence, has announced that RioCan, one of Canada’s largest real estate investment trusts, has selected Darktrace to defend ‘The Well’, Canada’s most ambitious multi-use real estate project.

Set to open in 2023, The Well will host approximately 11,000 people daily. Located in downtown Toronto, this expansive development will comprise more than 200 retail, commercial and residential spaces across 7.7 acres of land.

RioCan selected Darktrace’s DETECT and RESPOND technologies in 2021 to defend Network and Cloud infrastructure across its commercial office spaces and retail property investments. The property investor is now deploying Darktrace’s AI to defend this three-million-square-foot project in Toronto from sophisticated and disruptive cyberthreats.

As cyber-crime proliferates, attackers continue to target real estate organizations both to exfiltrate confidential data, including the financial information of property buyers and sellers, and to disrupt operations and demand hefty ransoms from investors and agents. With AI-powered defenses, RioCan is able to protect its IT estate as well as its operational technology, including elevators, thermostats and appliances.

“Central to the success of The Well is a world-class tenant experience,” said George Ho, Vice President of Informational Technology at RioCan. “The experience we’ve created for our visitors and tenants relies on a significant technology infrastructure, from lights switches and thermostats to security systems, which is reliable and will work uninterrupted. The best thing about Darktrace’s AI is that it learns every detail of both our information and operational technology so that we can minimize any disruptions to our normal business operations in the event of a cybersecurity incident. That is the future of security.”

“As operations and services at shopping malls and public projects become increasingly digitized, threat actors are poised to take advantage and the need for powerful, precise protection is amplified,” said David Masson, Director of Enterprise Security at Darktrace. “By expanding Darktrace’s coverage to include The Well, RioCan has complete visibility of emerging threats and can instantly contain these using AI-driven technology which understands the business.”

We asked George Ho, Vice President of Informational Technology at RioCan, further questions to find out more.

George Ho, Vice President of Informational Technology at RioCan

Can you explain some of the cybersecurity issues The Well has been facing?

When it comes to complex and highly connected real estate projects like The Well, the true challenge is to never let risks hinder innovation.

Cutting-edge technology is making infrastructure work for us in better ways than we could have ever imagined – but it also creates opportunity for risk. Smart devices ranging from elevators and thermostats to EV charging points and third-party vendors with access to building networks must be proactively managed for risk through technology. The technology must understand what ‘normal’ is, when a threat is made, and what actions are required to mitigate risk across these diverse infrastructures. At RioCan, security is our top priority and with Darktrace’s technology, our team is supported to ensure we can be everywhere all at once.

How sophisticated have these threats been?

Sophistication isn’t always the issue – attackers today are trading off sophistication for automation and scale, which requires us to continuously raise the bar for both sophisticated threat actors and more every day, run-of-the-mill attackers.

We implemented Darktrace AI to protect us from threats that often slip under the radar of traditional or legacy security tools: a compromised IoT device beaconing home or acting as a gateway into our network, automated or targeted ransomware, foreign equipment attempting to connect to our network or attackers trying to live off our land with low sophistication attacks like crypto-jacking. All of these threat vectors make up our risk profile and must be constantly monitored by an AI brain in the background.

Why are cybercriminals keen to get their hands on confidential data from real estate organizations?

It is less about accessing confidential data as it is about the ability to control systems. With corporate networks being completely separate from building networks, valuable data is not readily accessible from building systems. Our corporate data is not at risk. However, comparing some building technologies and providers to those in the enterprise technology space, often there is a maturity gap.

As a result, it’s important for us to have technology that intervenes automatically because it gives threat actors the opportunity to control systems and disrupt operations. In the face of these attacks, it’s about maintaining cyber stability and Business Continuity.

Why did RioCan decide to select Darktrace’s DETECT and RESPOND technologies?

At RioCan, security is a top priority. We selected Darktrace’s DETECT and RESPOND for our buildings so that we would have a centralized control panel for all cybersecurity incidents across both our corporate and building networks.

Cybersecurity teams do not lack to-do lists – we lack unified visibility over everything on our systems and the knowledge that autonomous action will be taken if anything goes amiss. This is key with RESPOND – it gives us peace of mind to know that a threat will be isolated until it can be further investigated by AI and our team. At the building level, this is very crucial as human investigation can require co-ordination from property operations and third-party vendors – but time is of the essence when it comes to an attack.

Darktrace’s Proactive Threat Notification (PTN) also proactively alerts us to significant events that require immediate attention. This prioritizes our triage of the suspected event and our internal teams can respond immediately.

How has Darktrace’s AI helped RioCan in its prevention of cyberattacks?

The AI provides unparalleled visibility into our network traffic patterns and alerts us to behavior that falls outside of this, which could be potentially malicious. This has helped significantly in identifying suspicious events and containing them in their very earliest stages – enabling our security team to work on higher level projects like improving our baseline security and getting the basics right at all times.

With the AI’s immediate response capability, we are immediately isolating malicious activity in a way that allows normal business operation to continue – enabling continuity and stability no matter what happens.

We have identified Darktrace as a mandatory solution in our RioCan Building Technology Standards, which defines approved technologies for use in our building networks.

How have the solutions enabled RioCan to protect its Operational Technology?

OT environments are very complex and specialized legacy OT security can’t keep up with emerging threats to these infrastructures. With legacy detection systems, the number of false-positive alerts require far too much time to investigate in such a complex environment.

Just like with our IT environments, Darktrace for OT leverages AI to understand ‘normal’ behavior for all our bespoke OT and IT/OT ecosystems, identifying and automatically stopping threats at the earliest stages until it can be fully investigated by our technical teams.

Why was it important to protect both the organization’s Information Technology and Operational Technology?

Unified coverage of IT and OT is crucial for real estate defenders. Enterprise IT has long been prioritized in cybersecurity, but from an OT perspective, devices are becoming increasingly connected and the industrial IoT marketplace has a vast array of solutions which vary dramatically in terms of their cybersecurity maturity or readiness.

With Darktrace’s technology, we have unified protection of IT and OT, allowing our teams to operate with the same workflow ensuring that we can respond quickly and consistently to threats that emerge in any area of our network.

Can you give an example of how RioCan has complete visibility of emerging threats due to Darktrace and what is the major benefit of this?

One example is the possible threats introduced by third-party vendors and suppliers. With Darktrace constantly monitoring our buildings and corporate networks, we are alerted to events like if a vendor inadvertently left administrative accesses open, we would be aware of this change in our systems, and it will be remediated immediately. This kind of visibility is only possible with the scalability offered to us by AI.

Why did RioCan decide to work with Darktrace?

Our security is a top priority and we continually review our process to ensure it is optimal and exceeding industry standards. Primarily, we were looking to improve our response times from a traditional SOC model. Time is not on your side when attackers strike – and sometimes they do so when your teams are out of office or asleep.

We immediately noticed a greater level of information about our systems being reported back to us and a significant increase in our team’s ability to drill in further to investigate incidents. Most crucially, with RESPOND, incidents can be automatically contained while further investigations continue and while business continues as normal. We don’t need to shut the greater system down and cause wider disruption. With Darktrace’s AI Analyst and a dedicated security specialist assigned to our account and the Darktrace SOC, we have access to a significant wealth of knowledge to investigate cybersecurity events rapidly.

Click below to share this article

Browse our latest issue

Intelligent CIO North America

View Magazine Archive