
Detecting and stopping a stealth attack

Product
  • IBM QRadar QFlow Collector
  • IBM QRadar Sense Analytics
  • IBM QRadar Vulnerability Manager
Tech Stack
  • IBM QRadar
Technology Category
  • Cybersecurity & Privacy - Network Security
Use Cases
  • Cybersecurity
Services
  • Cybersecurity Services
About The Customer
The customer in this case study is a public sector organization. The specific details about the organization such as its size, location, and the exact nature of its operations are not mentioned in the article. However, it is clear that the organization handles highly sensitive assets and confidential information. The organization was unknowingly under attack, with an attacker attempting to stealthily exfiltrate confidential information from a highly sensitive asset. The organization was using a log-based security information and event management (SIEM) solution from a managed security services provider, which was incapable of detecting such stealth attacks.
The Challenge
The public sector organization was unknowingly under attack. An attacker was attempting to stealthily exfiltrate confidential information from a highly sensitive asset that was not considered at risk. The organization's log-based security information and event management (SIEM) solution from its managed security services provider was incapable of detecting such stealth attacks. This posed a significant challenge as the organization was at risk of losing confidential data and was vulnerable to further undiscovered activity by the attacker.
The Solution
The solution to the organization's challenge was provided by IBM Business Partner CarbonHelix using IBM QRadar security software products. The IBM QRadar Sense Analytics engine was used for advanced threat detection. This solution was able to quickly determine how the attacker had gained access to the internal network and the sensitive asset, as well as the tools used to capture and move data. The solution also included IBM QRadar QFlow Collector and IBM QRadar Vulnerability Manager. The QFlow Collector provides visibility into application activity, communication, and data transfers, while the Vulnerability Manager helps identify and patch vulnerabilities.
Operational Impact
  • The organization was able to detect the stealth attack that was not caught by log-based SIEM analysis alone.
  • The organization was able to prevent the loss of confidential data and further undiscovered activity by the attacker.
  • The organization was able to reduce risk with new security controls and a process to identify and patch vulnerabilities.
