Case Studies Major Financial Services Company Choses Deception for Visibility and Forensics

Edit This Case Study Record

	Major Financial Services Company Choses Deception for Visibility and Forensics

Major Financial Services Company Choses Deception for Visibility and Forensics

Technology Category	Analytics & Modeling - Machine Learning Cybersecurity & Privacy - Endpoint Security Cybersecurity & Privacy - Network Security
Applicable Industries	Finance & Insurance
Applicable Functions	Business Operation
Use Cases	Intrusion Detection Systems Remote Asset Management
Services	System Integration Training
Challenge	Information Security senior management sought to gain better visibility into their diverse and international network environment and address the often-challenging question of whether their security controls were working reliably. They needed to understand what threats had bypassed these controls and whether these threats were doing anything that could negatively impact operations. With a diverse infrastructure and assets in numerous countries, gaining adequate visibility into remote locations and providing consistent data security compliance was especially challenging. The specific restrictions in some regions posed additional challenges requiring unique solutions. The organization needed a solution that would be easy to deploy and manage, even in remote locations, and would not unduly increase their information security team’s workload. Read More
About Customer	The customer is a large financial services company with a diverse and international network environment. The company operates across corporate and remote offices, facing the challenge of fully understanding what threats were within their environment and how likely they were to cause harm. Despite having a mature and well-implemented security posture, the company needed better visibility and early threat detection capabilities. The Vice President of Cybersecurity was particularly focused on gaining insights into the attacker’s entry points, methods, and motivations. The company required a solution that could be easily deployed and managed across its global operations without adding significant workload to its information security team. Read More
Solution	The organization selected the Attivo Networks® ThreatDefend™ platform, utilizing the BOTsink® server to deploy decoys, ThreatDirect™ to project decoys into remote locations, and ThreatStrike™ to place deception credentials and other assets on the endpoints. The organization used staged rollouts to test detection strategies and the application of deception techniques. The deployment process was simplified with the use of machine learning, making it easy to prepare, deploy, and update deceptions while maintaining environmental authenticity and attractiveness for an attacker. The ThreatDefend platform provided global early threat detection and the ability to easily and scalably provide deception into remote locations without requiring additional hardware. The platform’s ability to gather adversary intelligence, including TTPs, IOCs, and threat intelligence, provided insight into the attacker’s entry point, methods, and motivation. Read More Log in to view content
Contents

Technology Category

Analytics & Modeling - Machine Learning

Cybersecurity & Privacy - Endpoint Security

Cybersecurity & Privacy - Network Security

Applicable Industries

Finance & Insurance

Applicable Functions

Business Operation

Use Cases

Intrusion Detection Systems

Remote Asset Management

Services

System Integration

Training

Challenge

Information Security senior management sought to gain better visibility into their diverse and international network environment and address the often-challenging question of whether their security controls were working reliably. They needed to understand what threats had bypassed these controls and whether these threats were doing anything that could negatively impact operations. With a diverse infrastructure and assets in numerous countries, gaining adequate visibility into remote locations and providing consistent data security compliance was especially challenging. The specific restrictions in some regions posed additional challenges requiring unique solutions. The organization needed a solution that would be easy to deploy and manage, even in remote locations, and would not unduly increase their information security team’s workload.

About Customer

The customer is a large financial services company with a diverse and international network environment. The company operates across corporate and remote offices, facing the challenge of fully understanding what threats were within their environment and how likely they were to cause harm. Despite having a mature and well-implemented security posture, the company needed better visibility and early threat detection capabilities. The Vice President of Cybersecurity was particularly focused on gaining insights into the attacker’s entry points, methods, and motivations. The company required a solution that could be easily deployed and managed across its global operations without adding significant workload to its information security team.

Solution

The organization selected the Attivo Networks® ThreatDefend™ platform, utilizing the BOTsink® server to deploy decoys, ThreatDirect™ to project decoys into remote locations, and ThreatStrike™ to place deception credentials and other assets on the endpoints. The organization used staged rollouts to test detection strategies and the application of deception techniques. The deployment process was simplified with the use of machine learning, making it easy to prepare, deploy, and update deceptions while maintaining environmental authenticity and attractiveness for an attacker. The ThreatDefend platform provided global early threat detection and the ability to easily and scalably provide deception into remote locations without requiring additional hardware. The platform’s ability to gather adversary intelligence, including TTPs, IOCs, and threat intelligence, provided insight into the attacker’s entry point, methods, and motivation.

Impact #1	The organization added deception technology to proactively achieve visibility, especially in remote locations, and provide improved reporting and forensics capability across their widely varied sites.
Impact #2	The ThreatDefend platform was easy to deploy and maintain at scale, providing high-fidelity, accurate alerts.
Impact #3	Deception technology gave them 'eyes inside the network' visibility they were not getting from any other solutions.

Impact #1

The organization added deception technology to proactively achieve visibility, especially in remote locations, and provide improved reporting and forensics capability across their widely varied sites.

Impact #2

The ThreatDefend platform was easy to deploy and maintain at scale, providing high-fidelity, accurate alerts.

Impact #3

Deception technology gave them 'eyes inside the network' visibility they were not getting from any other solutions.

Download PDF Version

Overview

Major Financial Services Company Choses Deception for Visibility and Forensics

Operational Impact