Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

Cybersecurity & Privacy - Endpoint Security
Cybersecurity & Privacy - Network Security
Cybersecurity & Privacy - Security Compliance
Finance & Insurance
Business Operation
Asset Health Management (AHM)
Intrusion Detection Systems
Remote Asset Management
System Integration
Training
Penetration testing conducted by a third-party red team revealed security gaps in several areas of detection and visibility. The financial institution wanted to improve its detection and response capabilities against insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The organization decided to pilot the ThreatDefend platform in their production environment and planned to roll deception out to their entire infrastructure pending the results of the pilot program. Following a successful pilot, the Information Security team saw immense value in the solution and chose to move forward with a full, enterprise-wide deployment the following fiscal year. The organization had a small Information Security team with limited resources, which required tools that met their needs without adding to their workload. Ideally, they wanted to reduce the time it took to detect an attacker, leverage automation to improve their efficiency, gather improved forensic information, and streamline incident response. Any new solution was also required to efficiently scale to meet the security and limited staffing needs of their remote branch offices.
The customer is a regional commercial financial institution spanning five US states. This organization operates multiple branch locations and has a small Information Security team with limited resources. They are focused on improving their detection and response capabilities against various cyber threats, including insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The institution is committed to enhancing its security posture without adding significant strain to its existing resources. They are looking for solutions that can provide comprehensive visibility, efficient threat detection, and automated incident response to protect their extensive network of branch offices.
The Attivo Networks ThreatDefend platform satisfied all of their requirements to provide visibility and insight into threats that had bypassed their perimeter defenses. Additionally, by leveraging the platform’s automated attack correlation features and native integrations, they were able to generate high-fidelity alerts, concise reporting, and automated incident response actions to drastically improve their capabilities with minimal impact on their resources. The organization started with a staged rollout that included a production-scale pilot and then moved into an enterprise-wide deployment. The ThreatDefend platform includes several components: BOTsink as the foundation, ThreatStrike for endpoint deception with deceptive credentials and other lures, ThreatDirect to extend decoys into branch offices, and ThreatPath to identify potential attack path routes of compromise. These components work together to provide a comprehensive deception strategy that enhances the organization's security posture.
The organization saw immediate improvements in asset visibility, including exposed credential vulnerabilities with the ThreatPath visualization tool.
The security team found the deployment to be intuitive and easy to use, successfully deploying decoys before the scheduled Attivo Networks Customer Care Team arrived to assist.
After a successful deployment, the Information Security team saw major improvements in visibility and detection and were able to easily fit the ThreatDefend solution into their existing security architecture.
The organization saw immediate improvements in asset visibility.
The deployment was intuitive and easy to use, allowing for successful decoy deployment before scheduled assistance.
Accurate alerts are expected to reduce mean time-to-detection.