Case Studies
Attivo Networks Deception Platform for Forensics and Incident Response
Overview
Cybersecurity & Privacy - Intrusion Detection, Cybersecurity & Privacy - Malware Protection
Healthcare & Hospitals
Business Operation
Intrusion Detection Systems, Remote Asset Management, Remote Control
Cybersecurity Services, System Integration
Operational Impact
The security team spent several days trying to remediate the malware without the information needed to do so. Infecting the BOTsink solution decoys immediately improved their visibility into the issue. By installing the malware into the decoys, the security team was able to understand its nature, how it communicated with Command and Control, what changes it made to different Windows OSes, and more.
Before the team used the BOTsink solution, the malware was able to spread. With the detailed attack forensics the BOTsink solution provided, the team was able not only to give the AV vendor a detailed report of the malware but, more importantly, to contain the outbreak and prevent further propagation.
Because the malware was infecting several new machines every few minutes, the ability to save days of work by using the ThreatDefend Platform was a momentous success. The organization was able to drastically reduce the number of infected machines in their network, stop data exfiltration, and, accordingly, save significant money given that each stolen patient record costs an average of $363 for healthcare organizations.
Quantitative Benefit
The organization was able to drastically reduce the number of infected machines in their network.
The organization saved significant money given that each stolen patient record costs an average of $363 for healthcare organizations.