Major Entertainment Organization Deploys Deception for Insider Threat Visibility
Company Size
1,000+
Region
- America
Country
- United States
Products
- ThreatDefend Deception and Response Platform
- ThreatStrike deceptive credentials
Tech Stack
- Deception Technology
- Threat Detection
- Credential Monitoring
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Cost Savings
- Customer Satisfaction
- Employee Satisfaction
- Productivity Improvements
Technology
- Cybersecurity & Privacy - Identity & Authentication Management
- Cybersecurity & Privacy - Intrusion Detection
- Cybersecurity & Privacy - Network Security
Applicable Functions
- Business Operation
Use Cases
- Intrusion Detection System
Services
- Cybersecurity Services
- System Integration
About the Customer
关于客户
The customer is a major entertainment organization that conducts significant product launches and is a leader in a highly competitive market. Their intellectual property is extremely valuable, and any data leak or project breach would significantly diminish their competitive advantage and impact their revenue stream. The organization is highly concerned about targeted and stolen-credential attacks on their intellectual property from both insiders and external threat actors. Their existing solutions were not effective and generated a high volume of false positives. Given the high value of their intellectual property, visibility into malicious activity by insiders was also of critical importance. They needed a discreet detection tool that would give them real-time visibility into threats within the network and into misconfigurations that could lead to an attack. The solution also had to be hard for insiders within the organization to detect. The company has gone to great lengths to set traps for attackers and to limit the number of people within the organization who know of the Attivo solution deployment.
The Challenge
The organization’s greatest challenges were driven by their large network and their multiple high-traffic locations, which offered little to no visibility into activity that could indicate a stolen-credential attack. Essentially, there was no way to distinguish between an employee using their own credentials to access a project and a malicious actor using stolen credentials to steal intellectual property. This proved extremely troublesome for the organization because it forced the infosec team to patch their visibility gaps with multiple different products that generated a high volume of alerts, the majority of them false positives. Moreover, the team had to spend their resources monitoring the devices and, since there was not enough bandwidth to research every alert that was generated, they were forced to escalate false positives because they did not have enough actionable information to pick out a real threat buried within the noise. The time burden of false positives had a palpable impact on the team’s ability to protect their intellectual property and their bottom line. The infosec team needed a solution that would not only monitor and thwart stolen-credential attacks, but also cut through the noise of their network with substantiated, actionable alerts.
The Solution
The organization implemented the ThreatDefend Deception and Response Platform throughout their network with multiple devices. The team operationalized the devices both inside the data center, to protect and monitor their critical intellectual property, and on their user networks, to monitor for stolen-credential attacks and gain additional visibility into attacker lateral movement. They do this with ThreatStrike deceptive credentials placed throughout the network on end-user devices. These deceptive credentials act as tripwires for attackers who steal usernames and passwords and use them to gain admin privileges. If a login attempt is made with the deceptive credentials, the team is alerted that an attack is in progress, which credentials are being used, and which system the attempt is coming from, enabling the team to act quickly to remediate the situation. The return on investment the information security team has achieved by installing ThreatDefend for continuous threat management is that they now have visibility into the type of attack they were most worried about: stolen credentials. With the ThreatStrike deceptive credentials in place, they not only have visibility but are also better protected against potential threats. Visibility and protection against attacks, plus an alerting solution with no false positives, provides the biggest return on investment the team could have asked for: they protect their bottom line and do so efficiently. The visibility and protection provided by ThreatStrike means that the infosec team will catch malicious activity in their network long before the attack has a chance to exfiltrate critical assets.
Achieving early detection into insider and external threats with the ability to detect stolen credential attacks has significantly reduced the risk of a successful attack and has simplified their incident response with actionable alerts and a means to reduce their time to remediation.
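The detection logic described above, as an added illustration that is not code from the page or from Attivo's product: a small Python checker that matches authentication events against a list of planted decoy accounts and raises one alert per decoy, source host and target, counting both successful and failed attempts. The log format, the decoy account names and the hosts are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed set of planted decoy accounts (hypothetical names); a real deployment would load this from the deception platform's inventory.
DECOY_ACCOUNTS = {"svc-backup-admin", "fileshare_ro"}

# Constructed authentication events in a simplified, hypothetical log format.
SAMPLE_LOG = """\
2024-03-01T09:12:03Z auth success user=CORP\\jsmith src=10.1.20.15 dst=fs01
2024-03-01T09:13:41Z auth failure user=CORP\\svc-backup-admin src=10.1.20.15 dst=dc01
2024-03-01T09:13:44Z auth failure user=svc-backup-admin@corp.example src=10.1.20.15 dst=dc01
2024-03-01T09:14:02Z auth success user=fileshare_ro src=10.1.20.15 dst=fs01
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) auth (?P<outcome>success|failure) "
                    r"user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$")

@dataclass(frozen=True)
class DecoyAlert:
    account: str     # decoy credential that was presented
    source: str      # host the attempt came from: the likely compromised system
    target: str      # system the attempt was aimed at
    attempts: int    # successes and failures both count
    first_seen: str

def normalize_user(raw: str) -> str:
    """Reduce DOMAIN\\user and user@domain forms to the bare account name."""
    user = raw.lower()
    if "\\" in user:
        user = user.split("\\", 1)[1]
    if "@" in user:
        user = user.split("@", 1)[0]
    return user

def detect_decoy_logins(lines, decoys=DECOY_ACCOUNTS):
    """One alert per (decoy, source, target), oldest first. Any use of a decoy
    credential is suspicious, successful or not: nothing legitimate should present it."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not an auth event
        account = normalize_user(m["user"])
        if account not in decoys:
            continue  # real user, real credential: no alert
        key = (account, m["src"], m["dst"])
        first, count = seen.get(key, (m["ts"], 0))
        seen[key] = (first, count + 1)
    alerts = [DecoyAlert(a, s, d, n, ts) for (a, s, d), (ts, n) in seen.items()]
    return sorted(alerts, key=lambda alert: alert.first_seen)
```

Because a decoy account has no legitimate user, every match is actionable, which is where the no-false-positive property of this class of alert comes from.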
Operational Impact
Quantitative Benefit