Case Studies > Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

Customer Company Size
Large Corporate
Region
  • America
Country
  • United States
Product
  • ThreatDefend
  • BOTsink
  • ThreatStrike
  • ThreatDirect
  • ThreatPath
Tech Stack
  • Deception Technology
  • Automated Attack Correlation
  • Native Integrations
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Customer Satisfaction
  • Digital Expertise
  • Productivity Improvements
Technology Category
  • Cybersecurity & Privacy - Endpoint Security
  • Cybersecurity & Privacy - Network Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Finance & Insurance
Applicable Functions
  • Business Operation
Use Cases
  • Asset Health Management (AHM)
  • Intrusion Detection Systems
  • Remote Asset Management
Services
  • System Integration
  • Training
About The Customer
The customer is a regional commercial financial institution spanning five US states. This organization operates multiple branch locations and has a small Information Security team with limited resources. They are focused on improving their detection and response capabilities against various cyber threats, including insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The institution is committed to enhancing its security posture without adding significant strain to its existing resources. They are looking for solutions that can provide comprehensive visibility, efficient threat detection, and automated incident response to protect their extensive network of branch offices.
The Challenge
Penetration testing conducted by a 3rd party red team revealed security gaps in several areas of detection and visibility. The financial institution wanted to improve their detection and response capabilities against insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The organization decided to pilot the ThreatDefend platform in their production environment and planned to roll deception out to their entire infrastructure pending the results of the pilot program. Following a successful pilot, the Information Security team saw immense value in the solution and chose to move forward with a full, enterprise-wide deployment the following fiscal year. The organization had a small Information Security team with limited resources, which required tools that met their needs without adding to their workload. Ideally, they wanted to reduce the time it took to detect an attacker, leverage automation to improve their efficiency, gather improved forensic information, and streamline incident response. Any new solution was also required to efficiently scale to meet the security and limited staffing needs of their remote branch offices.
The Solution
The Attivo Networks ThreatDefend platform satisfied all of their requirements to provide visibility and insight into threats that had bypassed their perimeter defenses. Additionally, by leveraging the platform’s automated attack correlation features and native integrations, they were able to generate high-fidelity alerts, concise reporting, and automated incident response actions to drastically improve their capabilities with minimal impact on their resources. The organization started with a staged rollout that included a production-scale pilot and then moved into an enterprise-wide deployment. The ThreatDefend platform includes several components: BOTsink as the foundation, ThreatStrike for endpoint deception with deceptive credentials and other lures, ThreatDirect to extend decoys into branch offices, and ThreatPath to identify potential attack path routes of compromise. These components work together to provide a comprehensive deception strategy that enhances the organization's security posture.
Operational Impact
  • The organization saw immediate improvements in asset visibility, including exposed credential vulnerabilities with the ThreatPath visualization tool.
  • The security team found the deployment to be intuitive and easy to use, successfully deploying decoys before the scheduled Attivo Networks Customer Care Team arrived to assist.
  • After a successful deployment, the Information Security team saw major improvements in visibility and detection and were able to easily fit the ThreatDefend solution into their existing security architecture.
  • The organization chose to move forward and budget for a full enterprise-wide deployment in the following fiscal year.
  • In full production, they expect the system’s accurate alerts to reduce their mean time-to-detection, and forensic information from the deception environment to provide valuable information for remediation.
Quantitative Benefit
  • The organization saw immediate improvements in asset visibility.
  • The deployment was intuitive and easy to use, allowing for successful decoy deployment before scheduled assistance.
  • Accurate alerts are expected to reduce mean time-to-detection.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.