
Major Entertainment Organization Deploys Deception for Insider Threat Visibility

Cybersecurity & Privacy - Identity & Authentication Management
Cybersecurity & Privacy - Intrusion Detection
Cybersecurity & Privacy - Network Security
Business Operation
Intrusion Detection Systems
Cybersecurity Services
System Integration
The organization’s greatest challenges stemmed from its large network and multiple high-traffic locations, where it had little to no visibility into activity that could indicate a stolen credential attack. Essentially, there was no way to distinguish between an employee using their credentials to access a project and a malicious actor using stolen credentials to steal intellectual property. This proved extremely troublesome because it forced the infosec team to patch visibility gaps with multiple different products that generated a high volume of alerts, the majority of them false positives. Moreover, the team had to spend its resources monitoring the devices and, because there was not enough bandwidth to research every alert, was forced to escalate false positives for lack of enough actionable information to pick out a real threat buried in the noise. The time burden of false positives had a palpable impact on the team’s ability to protect the organization’s intellectual property and its bottom line. The infosec team needed a solution that could not only monitor and thwart stolen credential attacks but also cut through the noise of the network with substantiated, actionable alerts.
The customer is a major entertainment organization that conducts significant product launches and is a leader in a highly competitive market. Its intellectual property is extremely valuable, and any data leak or project breach would significantly diminish its competitive advantage and impact its revenue stream. The organization is highly concerned about targeted and stolen credential attacks on its intellectual property from both insiders and external threat actors. Its existing solutions were not effective and generated a high volume of false positives. Given the high value of the intellectual property, visibility into malicious activity from insiders was also of critical importance. The organization needed a discreet detection tool that would give it real-time visibility into threats within the network and into misconfigurations that could lead to an attack. The solution also had to be difficult for insiders within the organization to detect. The company has gone to great lengths to set traps for attackers and to limit the number of people within the organization who know of the Attivo solution deployment.
The organization implemented the ThreatDefend Deception and Response Platform throughout its network with multiple devices. The team operationalized the devices both inside the data center, to protect and monitor critical intellectual property, and on the user networks, to monitor for stolen credential attacks and gain additional visibility into attacker lateral movement. They do this with ThreatStrike deceptive credentials, which they have placed on end-user devices throughout the network. These deceptive credentials act as alarm bells when attackers steal usernames and passwords and use them to gain admin privileges. If a login attempt is made with the deceptive credentials, the team is alerted that an attack is in progress, which credentials are being used, and which system the infection is coming from, enabling the team to act quickly to remediate the situation. The return on investment the information security team has achieved by installing ThreatDefend for continuous threat management is visibility into the type of attack they were most worried about: stolen credentials. With the ThreatStrike deceptive credentials in place, they not only have visibility but are also better protected against potential threats. Visibility and protection against attacks, combined with alerting that produces no false positives, provide the biggest return on investment the team could have asked for: they protect their bottom line and do so efficiently. The visibility and protection provided by ThreatStrike mean that the infosec team will catch malicious activity in the network long before an attack has a chance to exfiltrate critical assets.
Early detection of insider and external threats, together with the ability to detect stolen credential attacks, has significantly reduced the risk of a successful attack and has simplified incident response with actionable alerts and a shorter time to remediation.
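The deceptive-credential tripwire described above can be sketched as a small log check. This is an added example, not code from the vendor or the customer: the log format, the decoy account names, the host names and the registry that maps each decoy to the endpoint it was planted on are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed decoy registry (assumption): decoy account -> endpoint it was planted on.
DECOYS = {
    "svc-render-adm": "WKSTN-0142",
    "bkp-vault-ops": "WKSTN-0077",
}

# Constructed log format (assumption): "<ts> auth result=<r> user=<u> src=<ip> dst=<host>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

# Constructed sample events; only two of them use decoy accounts.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z auth result=success user=jdoe src=10.20.1.15 dst=fileserver01
2024-05-01T09:14:47Z auth result=failure user=SVC-RENDER-ADM src=10.20.3.88 dst=dc01
garbled line that does not parse
2024-05-01T09:15:02Z auth result=failure user=asmith src=10.20.1.22 dst=fileserver01
2024-05-01T09:15:30Z auth result=failure user=CORP\\bkp-vault-ops src=10.20.3.88 dst=vault02
"""

@dataclass(frozen=True)
class Alert:
    ts: str          # when the decoy was used
    decoy: str       # which deceptive credential was used
    planted_on: str  # endpoint the decoy was harvested from (likely compromised)
    src: str         # system the login attempt came from
    dst: str         # system the attacker tried to reach

def normalize(user):
    """Reduce DOMAIN\\user or user@domain to a lowercase bare account name."""
    return user.rsplit("\\", 1)[-1].split("@", 1)[0].lower()

def find_decoy_logins(log_text, decoys=DECOYS):
    """Return one Alert per authentication event that names a decoy account."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, never turned into alerts
        name = normalize(m["user"])
        if name in decoys:  # no legitimate user holds a decoy, so any use alerts
            alerts.append(Alert(m["ts"], name, decoys[name], m["src"], m["dst"]))
    return alerts

if __name__ == "__main__":
    for alert in find_decoy_logins(SAMPLE_LOG):
        print(alert)
```

Because no legitimate workflow ever uses a decoy account, the check alerts on failed and successful attempts alike and needs no baseline or threshold.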
The organization has operationalized the ThreatDefend platform within multiple segments of their network and has implemented a wide distribution of the ThreatStrike deceptive credentials.
These products allow the organization to drastically increase their visibility into the attacks they were most worried about.
The team can now focus their resources on remediating threats rather than trying to identify them.
Significant reduction in false positives.
Early detection of insider and external threats.
Improved efficiency in incident response.