
Drug Giant Discovers Data Breach

Forcepoint
Cybersecurity & Privacy - Network Security
Pharmaceuticals
Business Operation
Cybersecurity
Cybersecurity Services
The global pharmaceutical giant, with over 20,000 employees, faced a significant challenge with its security posture. The newly appointed CISO wanted to evaluate the existing security infrastructure. Despite having a high-end firewall from a leading vendor, the company was still at risk. The Bitglass Breach Discovery Engine identified several high-risk Shadow IT cloud apps on the network. One unsanctioned cloud app was particularly concerning because employees used it to sync their contact lists and calendars. The most alarming discovery, however, was three major risks: an internal IP in contact with a TOR node, twelve internal nodes in contact with a fake DNS server hosting phishing sites, and over thirty internal IPs contacting confirmed malware hosts outside the firewall.
The customer in this case study is a global pharmaceutical giant with over 20,000 employees. The company is a significant player in the pharmaceutical industry, producing a wide range of drugs and medical products. The company has a robust infrastructure and has invested in high-end firewall technology from a leading vendor. However, despite these measures, the company was facing significant security challenges. The newly appointed CISO was keen on evaluating the existing security infrastructure to identify any potential vulnerabilities and risks. The company's vast size and global operations make it a potential target for cyber threats, so robust and effective security measures are critical.
The solution to the company's security challenges was the Bitglass Breach Discovery Engine. The CISO uploaded four days of firewall logs to the engine, which then analyzed the data to identify potential risks and vulnerabilities. The engine identified several high-risk Shadow IT cloud apps on the network, including one that was used by employees to sync their contact lists and calendars. More concerning were the three major risks identified by the engine: an internal IP in contact with a TOR node, twelve internal nodes in contact with a fake DNS server hosting phishing sites, and over thirty internal IPs contacting confirmed malware hosts outside the firewall. The Breach Discovery Report provided by the engine listed the compromised IP addresses in order of risk, allowing for rapid investigation, quarantine, and remediation.
The Bitglass Breach Discovery Engine identified several high-risk Shadow IT cloud apps on the network.
The engine identified an internal IP in contact with a TOR node, which is primarily used for data exfiltration after a host has been breached.
The engine found twelve internal nodes in contact with a fake DNS server that also hosted several phishing sites for popular banking and consumer services.