X

ED&F Man Holdings, a commodities trading company, faced a significant challenge in mitigating cybersecurity risks. A security incident several years ago served as a wake-up call to the increasing success of cyberattacks. An independent assessment indicated that the company needed to significantly step up its cybersecurity processes, tools, and people. The company undertook a complete security transformation. Carmelo Gallo took over as the cybersecurity manager to protect the operations of the $10 billion company that has a presence in 60 countries. A focus on next-generation security technology, integration, and automation has rapidly accelerated the company’s security maturity.

DZ BANK, the second largest bank in Germany, was facing challenges in detecting advanced threats that were missed by traditional signature-based firewalls, IDS and IPS. The bank was looking for a solution that could distinguish between benign anomalous behaviors and high-risk attacker behaviors. The bank's mission to protect its assets, operations and sensitive information was complicated by a broad range of data privacy and financial regulations. Many types of surveillance and electronic monitoring of employees and communications are prohibited in Germany. In addition, both the European Union General Data Protection Requirement (GDPR) and Germany’s Second Markets in Financial Instruments Directive (MiFID II) became law in 2018.

Greater Manchester Mental Health NHS Foundation Trust, a healthcare provider in North West England, was facing a significant challenge with limited visibility into malicious behaviors inside network traffic or Office 365. The trust has about 5,400 employees, more than 140 locations, and provides mental health services for 53,00 patients a year. The sheer quantity of individuals using the service increases the chance that cyber hygiene will fall by the wayside, and knowledgeable attackers will exploit human behavior to gain high-privilege access to critical business-data. Despite antivirus software, a LogPoint SIEM and next-generation firewalls, network detection and response (NDR) had been on the radar for quite some time.

Nissho Electronics Corp., a company that makes cutting-edge U.S. technology available to enterprise organizations in Japan, was facing growing concerns about its own network and cloud security posture due to the rise in advanced cyberattacks. These hidden threats easily evade firewalls, IDS and other legacy security systems and spread inside networks in search of assets to steal. Nissho had used its SIEM to analyze firewall logs, which was a manual, time-consuming operation. The company was also concerned about the recent spike in credential abuse and account takeovers in SaaS-based Microsoft Office 365, which affects more than 30% of organizations each month. Attackers use social engineering to exploit human behavior, elevate account privileges and steal critical business-data. The company understood that it needed visibility inside the network and public cloud to identify and stop hidden cyberattackers who move laterally in traffic to spy, spread and steal.

The university healthcare system was in need of a proactive approach to understand threats, threat actors and the methods they employ in the internal threat landscape. They had in place anti-virus, anti-malware and email filters to protect end users. However, their log and event manager created a lot of work for the security team. It relied on the vendor to integrate the log and event manager with other security systems, which resulted in a deluge of anomalous alerts that didn’t make sense and were incompatible with security feeds that flowed into it. The university healthcare system needed a network-centric detection and response solution that was endpoint agnostic and which would help bring clarity to internal network traffic.

American University, a private institution in Washington D.C., was preparing to expand its cloud presence and needed to enhance its cybersecurity measures to protect its public cloud, data center, and campus networks. The university was facing two significant cybersecurity challenges that were consuming a significant amount of time and resources. The first was the use of open-source tools to monitor network traffic, and the second was the use of signatures to detect intrusions. The university's network supports about 60,000 users with more than 20,000 devices at any given time, along with 700 servers and hundreds of applications. The information security team was looking for non-open-source solutions that utilized artificial intelligence and aligned with their goals.

The Texas A&M University System, an academic and research powerhouse, faced significant challenges in protecting its high-value academic and research data. The system, which includes 11 university campuses, seven state agencies, and numerous research institutes, was a prime target for cyber thieves. The university system faced a lack of cybersecurity talent, a global issue that made it difficult to hire and retain skilled cybersecurity professionals. Additionally, the university system's significant expenditures and vital research partnerships with organizations like the U.S. Department of Energy, NASA, and the U.S. Department of Defense made it a target for nation-state cyber attackers.

The international private healthcare group, with over 100 hospitals and clinics globally, was facing challenges in timely detection and effective management of active cyberattacks. The healthcare industry is a prime target for cybercriminals, who use advanced attack techniques and tools. These criminals often target patient records that contain substantial amounts of private and sensitive information. In addition to the risk of data loss, ransomware attacks have the potential to disrupt and deny control over key digital services like biomedical devices and vital systems, putting the provider and the safety of patients at risk. The healthcare group realized that its existing cybersecurity protections were not enough to quickly spot and manage attacks, given the rapidly evolving threat landscape.

INDEVCO, a multinational manufacturing and industrial consultancy group, was facing challenges in detecting internal threats, gaining visibility into their network, and maintaining network hygiene. They had an open-source security information and event management (SIEM) solution and an endpoint detection and response (EDR) solution, but these were not sufficient. The company needed a solution that could help them better protect data and keep their operations running smoothly across their 38 manufacturing plants and 38 commercial companies worldwide.

The company, a Forbes Global 2000 manufacturer of specialty chemicals and advanced materials, needed to ensure its supply chain, from raw materials to finished goods, was not compromised by hidden cyberattacks. The company's supply chain spans the procurement of raw materials to formulating the plastics and adhesives that are essential ingredients in its own customers’ manufacturing processes. Cyberattacks could disrupt production operations, causing serious business disruption, reputational damage and fines for regulatory noncompliance. The company wanted to lift the burden from its security operations team, which was weighed down by huge volumes of inconclusive alerts and false positives.

Pennine Care NHS Foundation Trust, a provider of mental health and learning disability services in parts of Greater Manchester and Derbyshire, was faced with the challenge of protecting its operations from cyber threats. This became a priority after the 2017 WannaCry ransomware attack that disrupted a third of NHS operations. Although no patient data was compromised and the attack was stopped from spreading, all NHS trusts have since stepped up security to identify and stop future cyber threats. ICT security manager Rizwan Majeed was entrusted to protect Pennine Care NHS from cyber threats. He began to evaluate potential solutions, including network detection and response (NDR).

Bolton NHS Foundation Trust, a healthcare provider for over 140,000 people in Bolton and the surrounding area northwest of Manchester, was facing a growing challenge of protecting patient information across a growing number of mobile devices, medical internet-of-things (IoT) devices, data center workloads and cloud services. Healthcare providers have a treasure trove of patient, financial and clinical research data, making healthcare a top target for data theft. Criminals also target healthcare providers for extortion with ransomware, knowing that hospital systems must operate around the clock. Bolton NHS is just down the road from ground zero of the 2017 WannaCry outbreak in the U.K. The ransomware crisis, which affected organizations around the world, sparked many conversations at Bolton NHS. “We had proven security, but we still reassessed our weaknesses and gaps,” says Walmsley.

The telematics company, despite having a deep understanding of the tactics used by cybercriminals, was constrained by limited resources and budget. With a total of 100 employees, the IT operations team consisted of only five members who were tasked with handling everything IT-related, including security. The company provides telematic services to insurance clients, requiring them to store and transfer sensitive customer information regularly. Therefore, security was a top priority. However, with limited financial ability to fund a dedicated Security Operations Center (SOC) team, it became a priority to find budget-friendly alternatives. The company needed a solution that was software and operating system agnostic, and could help detect attacker behavior, increase their human expertise with artificial intelligence (AI), and address any threat or abnormal activity.

The Municipal Property Assessment Corporation (MPAC) was facing a challenge of lack of lateral movement visibility within the organization. As an IT security veteran, Mirza Baig, IT Security Manager at MPAC, needed to understand the security solutions the team was utilizing. He found that the team had already prioritized removing any blind spots, which is key to having the ability to detect attacker behavior. However, the existing solutions were not sufficient to detect lateral movement across cloud or enterprise workloads.

ROSSMANN, one of the largest drugstore chains in Europe, was facing a significant challenge in identifying threats inside its network. The IT security team, led by Daniel Luttermann, was tasked with strengthening the company's security posture to catch cyberattackers at the network perimeter and within the network. Before evaluating vendors, ROSSMANN conducted a red team exercise to identify potential security weaknesses and vulnerabilities. The results of this penetration test were used to gauge vendors in the proof-of-concept (POC) testing phase. The team ultimately chose a diverse roster of solutions that included the Cognito® network detection and response (NDR) platform from Vectra®.

The global retail giant in the beauty industry was struggling with maintaining network security for hundreds of stores and a busy online retail business with a lean security budget. Every year, the company would hire consultants to conduct red team exercises to test the mettle of cybersecurity operations, and every year it failed. The seven-member security operations center (SOC) team was in need of a solution that would provide visibility inside the network to detect and respond to hidden cyberattackers. They needed a network detection and response (NDR) platform that would identify attackers that bypass firewalls and IPS at the network perimeter and provide visibility into threats inside the network.

Royal Holloway University of London, a top 25 university in the UK, was facing a significant challenge in defending against a wide range of cyber threats. As a center of research and excellence in cybersecurity, the university was a particularly attractive target for threat actors. The large population of students and staff regularly connected to multiple devices, presenting a broad attack surface. With limited resources, the Cyber Security team at Royal Holloway was under huge pressure to keep up with the increasing workload of manual investigations in response to suspected vulnerabilities. They needed a solution that could detect threats that managed to penetrate their network, or those that originated from inside their perimeter defenses, without needing to perform manual intervention.

The online gaming company, with operations in more than a dozen locations worldwide, was facing a rapidly changing threat landscape. Gaming companies are lucrative targets for cybercriminals, who range from solo actors to organized crime rings. An outage or data breach can cause material damage to the firm’s income, customer retention and longterm value. As a publicly traded company, it is required to meet a wide range of regulatory and compliance mandates, including PCI-DSS and GDPR. The gaming firm needs to be able to detect threats and attacks, which means having the ability to hunt for malicious activity around the clock without requiring security teams to be on site 24/7. At the same time, security analysts were overwhelmed by the volume of alerts from their security tools, such as SIEMs, firewalls and other defenses. Before selecting Vectra’s AI-driven platform, the company experienced limited visibility into threat behaviors inside its networks, which did not support the company’s priorities to deliver the best experience for gamers, guard its operations against attacks, and protect its brands and intellectual property.

The security operations team of a major real estate firm realized the need to modernize their approach to potential cyber threats. The company had been using combined intrusion detection and intrusion prevention systems to catch threats at the network perimeter. However, these systems did not scale well and offered no visibility inside the network and data center. The security operations teams were also burdened with manually investigating thousands of threat alerts per day, causing significant alert fatigue and giving real attacks more time to spread.

The financial markets are a favorite target of cyberattackers, whether they are trying to disrupt the global economy, make a political statement or commit an act of war. From the banks to dealers, clearing houses to exchanges, the industry strives to maintain the availability and integrity of the financial infrastructure. It’s a massive challenge, where one worker’s misstep or moment of inattention can lead to compromised systems, financial loss and damage to corporate reputation. This exchange is well prepared to defend against the everyday cybercrimes of monetary gain and reputational damage as well as black swan events. To stay ahead of bad actors and criminals, it continually improves its information security controls and systems.

The Very Group, a leading digital retailer in the UK, has undergone a significant digital transformation, shifting from a catalog operation to a pureplay digital retailer. However, this transformation has introduced new risks. The company needed to protect its ecommerce platforms, maintain customer trust, and meet regulatory requirements like the European Union’s General Data Protection Requirement (GDPR). The Very Group has 1.3 million visitors a day and four million active customers, and its systems hold a wealth of information that needs to be protected. The company also wanted to ensure that its security and privacy practices were tightly aligned with GDPR and other mandates.

The EDAG Group, one of the world’s largest independent development partners to the automotive and aviation industries, fell victim to a ransomware attack on the night of March 13, 2021. A large number of their business-critical systems suddenly became unusable, and it was determined that their IT systems were under attack. The stakes were high as they were up against a ransomware attack. Their security team quickly stepped in and was able to control the attack, getting their systems back up and running. However, EDAG knew they needed an approach that would ensure no suspicious activity was left in the network and any future attacks would be thwarted.

The Australian Private Health Fund was facing a challenge with their existing cybersecurity solution, Darktrace. The number of alerts they were receiving was overwhelming and they needed a solution that would reduce these alerts and increase visibility across their hybrid environments. They were looking for a solution that would not only protect against external threats but also spot unusual employee behavior that could lead to vulnerabilities. The organization wanted to ensure the cyber wellness of their members and prevent any risk of their information being compromised in a cyberattack.

The company initially implemented Vectra AI to protect some of its legacy systems that did not support encryption at rest. This was necessary to meet compliance requirements. The company then extended the use of Vectra AI to monitor other devices and servers within its network. The company was looking for a solution that could detect anomalous behavior and reduce the time spent on looking into logs. The company also wanted a solution that could triage threats and correlate them with compromised host devices. The company was dealing with about 300 events a day, with about 10 to 15 events requiring investigation.

The organization had a gap in its cybersecurity infrastructure. They did not have a managed service and needed a solution that would help them detect malicious behavior and anomalies within the organization. They were looking for a solution that could provide actionable data and reduce the workload on their small team. They also needed a solution that could provide visibility into behaviors across the full lifecycle of an attack in their network, beyond just the internet gateway.

The organization was dealing with a large volume of network traffic, with 89,000 concurrent IPs being analyzed. This resulted in a significant amount of noise, with only 1% of the traffic warranting deeper investigation. The challenge was to filter out the noise and focus on the high-risk events that needed attention. Additionally, the organization needed a solution that could provide visibility into behaviors across the full lifecycle of an attack in the network, beyond just the internet gateway. This included identifying unauthorized devices on the network and detecting suspicious domain activity.

The company lacked an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) across its estate, which includes numerous offices across the country. This situation made it difficult for the company to monitor and flag up unusual network traffic for further investigation. The company was also struggling with false positives and had to invest time in tuning the system to reduce these. The company was looking for a solution that could provide visibility into behaviors across the full life cycle of an attack in their network, beyond just the internet gateway.

The company was in need of an intrusion detection system to monitor traffic within their network. They had previously experienced a ransomware event, which Vectra AI was able to quickly detect and alert on, greatly reducing the time it took for the company to respond to the incident. However, the company was looking for a solution that could provide a fuller picture of what was going on before the target left the network, and also triage threats and correlate them with compromised host devices to further reduce the time to respond to incidents.

The university was looking for a solution that required less customization and more commercial off-the-shelf capabilities. They wanted their team to focus on protecting the university rather than upgrading custom software. They needed a solution that could inspect and look for malicious, abusive, or other types of forbidden behavior with their north-south and east-west traffic. The solution needed to be able to differentiate between normal and abnormal events. The university also wanted to detect issues with privileged accounts, as they had users ranging from low-privileged, regular users to administrators with high levels of privilege.

The Government Authority in the Middle East manages and oversees all of the country's digital assets, information technology, and data programs. It operates similarly to a service provider throughout all government agencies including healthcare, education, traffic, and immigration. Cybersecurity is a fundamental pillar protecting government institutions as they are a prime target for hackers. The Government Authority maintains and supports multiple core business functions at a large scale where compromised data or systems increase the risk of a breach. A breach in a government institution would impact critical systems that citizens rely on, demand remediation costs, and require unplanned spending to close the gaps. The security team needed to reduce the risk of a breach by having the ability to detect and respond to potential threats. However, they were overwhelmed with a large volume of unprioritized alerts, poor capability in detecting unknown threats, and they lacked visibility into their cloud environment.