Case Studies Manufacturer Protects Intellectual Property With ThreatDefend Platform

Edit This Case Study Record

	Manufacturer Protects Intellectual Property With ThreatDefend Platform

Manufacturer Protects Intellectual Property With ThreatDefend Platform

Technology Category	Cybersecurity & Privacy - Intrusion Detection Cybersecurity & Privacy - Network Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Electronics Semiconductors
Applicable Functions	Business Operation Quality Assurance
Use Cases	Cybersecurity Intrusion Detection Systems Remote Asset Management
Services	Cybersecurity Services System Integration
Challenge	A major problem the organization had with their cyber security infrastructure was that they had extremely limited visibility into the subnets that contained their most critical data. If these subnets were breached, the team would have significant difficulties detecting the threat inside. Another challenge the organization was facing was the number of alerts that were generated by their other security devices. The alerts generated were not only high in volume, but many times were false positives or unsubstantiated. The impact that the alerts had on the team was that they were unable to conduct the research necessary on these alerts to decipher between substantiated alerts and false positives. Therefore, they could not be confident that if they escalated an alert it would not be a false positive and a waste of resources to investigate. A situation such as this is extremely problematic for any infosec team because it forces them to choose between wasting resources investigating false positives or hoping that their incident response tools will be good enough to remediate an advanced threat that had penetrated their system. Facing this choice, the team was not confident in their security controls to protect their critical intellectual property. Read More
About Customer	The customer is a global semiconductor manufacturer with a significant investment in intellectual property, particularly in chip design within highly sensitive labs. The organization operates multiple locations across different continents, adding complexity and increasing the number of potentially exploitable endpoints for cyberattacks. The infosec team is particularly concerned about advanced threats that could penetrate their prevention systems and extract valuable information, especially through targeted stolen credential attacks against employees. The loss of critical intellectual property would not only reveal technological advancements but also diminish the company's competitive edge, significantly impacting their bottom line. Read More
Solution	The infosec team deployed the ThreatDefend Deception and Response Platform across multiple locations in their critical subnets to increase the visibility of in-network threats. As the team operationalized ThreatDefend deception, the visibility gap that had widened in their network immediately closed and their alerts were now substantiated so that threats could be quickly addressed. Within 30 minutes, they had complete visibility across their entire network and saw high-fidelity alerts that were previously unattainable. With immediate visibility, the team is now alerted to only the malicious activity inside of their network. They now had the visibility they were looking for to catch in-network threats with zero false positives. But the team needed a solution that could do more than just detect. Taking advantage of the power of the ThreatDefend™ solution to analyze threats and produce detailed attack forensics, the team has configured their network so that blocked URLs from their firewall are automatically redirected to the ThreatDefend platform for analysis. Letting the entire attack play out, the ThreatDefend captures all of the activity and relays the information in a variety of formats. The detailed forensics allow the infosec team to have more visibility into not only what an attack is doing, but how to better prevent it in the future. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Intrusion Detection

Cybersecurity & Privacy - Network Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Electronics

Semiconductors

Applicable Functions

Business Operation

Quality Assurance

Use Cases

Cybersecurity

Intrusion Detection Systems

Remote Asset Management

Services

Cybersecurity Services

System Integration

Challenge

A major problem the organization had with their cyber security infrastructure was that they had extremely limited visibility into the subnets that contained their most critical data. If these subnets were breached, the team would have significant difficulties detecting the threat inside. Another challenge the organization was facing was the number of alerts that were generated by their other security devices. The alerts generated were not only high in volume, but many times were false positives or unsubstantiated. The impact that the alerts had on the team was that they were unable to conduct the research necessary on these alerts to decipher between substantiated alerts and false positives. Therefore, they could not be confident that if they escalated an alert it would not be a false positive and a waste of resources to investigate. A situation such as this is extremely problematic for any infosec team because it forces them to choose between wasting resources investigating false positives or hoping that their incident response tools will be good enough to remediate an advanced threat that had penetrated their system. Facing this choice, the team was not confident in their security controls to protect their critical intellectual property.

About Customer

The customer is a global semiconductor manufacturer with a significant investment in intellectual property, particularly in chip design within highly sensitive labs. The organization operates multiple locations across different continents, adding complexity and increasing the number of potentially exploitable endpoints for cyberattacks. The infosec team is particularly concerned about advanced threats that could penetrate their prevention systems and extract valuable information, especially through targeted stolen credential attacks against employees. The loss of critical intellectual property would not only reveal technological advancements but also diminish the company's competitive edge, significantly impacting their bottom line.

Solution

The infosec team deployed the ThreatDefend Deception and Response Platform across multiple locations in their critical subnets to increase the visibility of in-network threats. As the team operationalized ThreatDefend deception, the visibility gap that had widened in their network immediately closed and their alerts were now substantiated so that threats could be quickly addressed. Within 30 minutes, they had complete visibility across their entire network and saw high-fidelity alerts that were previously unattainable. With immediate visibility, the team is now alerted to only the malicious activity inside of their network. They now had the visibility they were looking for to catch in-network threats with zero false positives. But the team needed a solution that could do more than just detect. Taking advantage of the power of the ThreatDefend™ solution to analyze threats and produce detailed attack forensics, the team has configured their network so that blocked URLs from their firewall are automatically redirected to the ThreatDefend platform for analysis. Letting the entire attack play out, the ThreatDefend captures all of the activity and relays the information in a variety of formats. The detailed forensics allow the infosec team to have more visibility into not only what an attack is doing, but how to better prevent it in the future.

Impact #1	The organization has implemented multiple units in several networks and has fully operationalized the ThreatDefend platform. The results, in their words, have been magnificent. The ThreatDefend alerted the team to malicious activity inside of their subnet and quickly acted on the detailed alert. The team was then able to use the forensics gathered from the ThreatDefend platform to drastically increase their incident response time. The team was able to remediate the threat before any critical data was breached. Without the visibility into the threat that the ThreatDefend provided, it is likely that the team would not have detected the threat before it had exported critical assets. Another added benefit to the team was the ability to remove the debate about taking critical devices off-line. With the substantiated attack detail, the team was able to take the Attivo alerts and show irrefutably that the systems were infected and that they needed to be remediated. This also saved them a great deal of frustration and eliminated the need to do additional research to justify their actions.

Impact #1

The organization has implemented multiple units in several networks and has fully operationalized the ThreatDefend platform. The results, in their words, have been magnificent. The ThreatDefend alerted the team to malicious activity inside of their subnet and quickly acted on the detailed alert. The team was then able to use the forensics gathered from the ThreatDefend platform to drastically increase their incident response time. The team was able to remediate the threat before any critical data was breached. Without the visibility into the threat that the ThreatDefend provided, it is likely that the team would not have detected the threat before it had exported critical assets. Another added benefit to the team was the ability to remove the debate about taking critical devices off-line. With the substantiated attack detail, the team was able to take the Attivo alerts and show irrefutably that the systems were infected and that they needed to be remediated. This also saved them a great deal of frustration and eliminated the need to do additional research to justify their actions.

Benefit #1	Within 30 minutes, they had complete visibility across their entire network.
Benefit #2	The ThreatDefend Platform provides early detection and saves time by generating only high-fidelity, actionable alerts.

Benefit #1

Within 30 minutes, they had complete visibility across their entire network.

Benefit #2

The ThreatDefend Platform provides early detection and saves time by generating only high-fidelity, actionable alerts.

Download PDF Version

Overview

Manufacturer Protects Intellectual Property With ThreatDefend Platform

Operational Impact

Quantitative Benefit