实例探究 > Major Sports Organization Protects Critical Infrastructure With Deception Technology

Major Sports Organization Protects Critical Infrastructure With Deception Technology

公司规模

1,000+

地区

America

国家

United States

产品

ThreatDefend Deception and Response Platform
ThreatDefend BOTsink engagement server

技术栈

Deception Technology
ICS-SCADA Network Monitoring

实施规模

Enterprise-wide Deployment

影响指标

Customer Satisfaction
Employee Satisfaction
Productivity Improvements

技术

网络安全和隐私 - 入侵检测
网络安全和隐私 - 网络安全

适用行业

安全与公共安全
电信

适用功能

商业运营
设施管理

用例

入侵检测系统
远程资产管理

服务

网络安全服务
系统集成

关于客户

A major league sports organization faced significant cybersecurity challenges, particularly concerning their ICS-SCADA network. This organization hosts large sporting events that are televised live, making network security paramount to ensure uninterrupted operations and the safety of attendees. The infosec team was under-resourced, lacking the headcount, budget, and infrastructure to deploy and maintain a wide array of prevention tools. They needed a solution that provided visibility into their network, identified misconfigurations, and offered actionable alerts without generating a large volume of false positives. The organization was particularly concerned about potential attacks that could shut down and lock their ICS systems, posing serious risks to both operations and human safety.

登录后查看完整内容

挑战

The organization was mainly concerned about security threats to their SCADA network. In particular, the infosec team was most concerned about an attack that could work to shut down and lock their ICS systems – putting people in danger and potentially causing serious bodily harm. They did not have the resources (headcount, budget, infrastructure) to deploy and maintain a wide array of prevention tools to protect their network from outside threats. Additionally, ICS devices are not always easily patched or enabled to run antivirus solutions. They needed to know exactly where the weaknesses in their network were so that they could focus their resources on fixing the specific areas that needed attention. Furthermore, the infosec team knew that there were multiple misconfigurations in their network, but had little idea as to where those misconfigurations were or what needed to be done to fix them.

登录后查看完整内容

解决方案

The team set up the Attivo ThreatDefend™ Deception Platform within their network to gain unique visibility into their environment. Once deployed, the Attivo solution alerted the team to several misconfigurations in the network that represented significant weaknesses. The infosec team discovered a lot of activity on their network that they had not previously been aware of. Initially concerned about false positives, further investigation revealed that the alerts were real, substantiated, and actionable in a way that their other devices could not achieve. The ThreatDefend BOTsink engagement server also raised alerts on activities that had completely bypassed their prevention devices. This allowed the team to detect early inside-the-network threats and respond more efficiently.

登录后查看完整内容

运营影响

The infosec team gained significantly more visibility into their network without the need to add resources.
The team no longer wasted time chasing false positives and unsubstantiated incidents, allowing them to focus on real threats.
High fidelity alerts from the ThreatDefend platform greatly lowered the time-to-discovery and time-to-response on threats, saving the team hours if not days.
By catching previously invisible threats, the team could better protect their network from attacks that could cause serious harm or communication outages.
The organization was able to identify and quarantine a malicious actor in the initial stages of an attack, preventing further spread and potential damage.

登录后查看完整内容

数量效益