实例探究 > Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

公司规模
Large Corporate
地区
  • America
国家
  • United States
产品
  • ThreatDefend
  • BOTsink
  • ThreatStrike
  • ThreatDirect
  • ThreatPath
技术栈
  • Deception Technology
  • Automated Attack Correlation
  • Native Integrations
实施规模
  • Enterprise-wide Deployment
影响指标
  • Customer Satisfaction
  • Digital Expertise
  • Productivity Improvements
技术
  • 网络安全和隐私 - 端点安全
  • 网络安全和隐私 - 网络安全
  • 网络安全和隐私 - 安全合规
适用行业
  • 金融与保险
适用功能
  • 商业运营
用例
  • 资产健康管理 (AHM)
  • 入侵检测系统
  • 远程资产管理
服务
  • 系统集成
  • 培训
关于客户
The customer is a regional commercial financial institution spanning five US states. This organization operates multiple branch locations and has a small Information Security team with limited resources. They are focused on improving their detection and response capabilities against various cyber threats, including insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The institution is committed to enhancing its security posture without adding significant strain to its existing resources. They are looking for solutions that can provide comprehensive visibility, efficient threat detection, and automated incident response to protect their extensive network of branch offices.
挑战
Penetration testing conducted by a 3rd party red team revealed security gaps in several areas of detection and visibility. The financial institution wanted to improve their detection and response capabilities against insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The organization decided to pilot the ThreatDefend platform in their production environment and planned to roll deception out to their entire infrastructure pending the results of the pilot program. Following a successful pilot, the Information Security team saw immense value in the solution and chose to move forward with a full, enterprise-wide deployment the following fiscal year. The organization had a small Information Security team with limited resources, which required tools that met their needs without adding to their workload. Ideally, they wanted to reduce the time it took to detect an attacker, leverage automation to improve their efficiency, gather improved forensic information, and streamline incident response. Any new solution was also required to efficiently scale to meet the security and limited staffing needs of their remote branch offices.
解决方案
The Attivo Networks ThreatDefend platform satisfied all of their requirements to provide visibility and insight into threats that had bypassed their perimeter defenses. Additionally, by leveraging the platform’s automated attack correlation features and native integrations, they were able to generate high-fidelity alerts, concise reporting, and automated incident response actions to drastically improve their capabilities with minimal impact on their resources. The organization started with a staged rollout that included a production-scale pilot and then moved into an enterprise-wide deployment. The ThreatDefend platform includes several components: BOTsink as the foundation, ThreatStrike for endpoint deception with deceptive credentials and other lures, ThreatDirect to extend decoys into branch offices, and ThreatPath to identify potential attack path routes of compromise. These components work together to provide a comprehensive deception strategy that enhances the organization's security posture.
运营影响
  • The organization saw immediate improvements in asset visibility, including exposed credential vulnerabilities with the ThreatPath visualization tool.
  • The security team found the deployment to be intuitive and easy to use, successfully deploying decoys before the scheduled Attivo Networks Customer Care Team arrived to assist.
  • After a successful deployment, the Information Security team saw major improvements in visibility and detection and were able to easily fit the ThreatDefend solution into their existing security architecture.
  • The organization chose to move forward and budget for a full enterprise-wide deployment in the following fiscal year.
  • In full production, they expect the system’s accurate alerts to reduce their mean time-to-detection, and forensic information from the deception environment to provide valuable information for remediation.
数量效益
  • The organization saw immediate improvements in asset visibility.
  • The deployment was intuitive and easy to use, allowing for successful decoy deployment before scheduled assistance.
  • Accurate alerts are expected to reduce mean time-to-detection.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

相关案例.

联系我们

欢迎与我们交流!
* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

感谢您的信息!
我们会很快与你取得联系。