
Semiconductor Company Implements Deception to Stop Man-in-the-Middle Attacks

Cybersecurity & Privacy - Intrusion Detection
Cybersecurity & Privacy - Security Compliance
Semiconductors
Business Operation
Intrusion Detection Systems
System Integration
Training
The organization had been infiltrated by a Chinese hacker group using a man-in-the-middle attack that bypassed its prevention systems and exfiltrated critical data. The security organization was instructed to improve its detection capabilities and gain more reliable insight into threats that might use credential theft or social engineering to penetrate the network. They needed a solution that could detect subtle, in-network attacks as well as phishing and other advanced threats. The biggest challenge the organization faced was manpower. In addition to the numerous alerts generated by their prevention and other security devices, the infosec team was receiving 45-50 suspicious emails a day. The team was so heavily burdened that it was rarely able to work through the backlog and investigate all of the potential threats it was alerted to.
A global semiconductor manufacturer faced significant cybersecurity challenges, particularly from a Chinese hacker group that had successfully executed a man-in-the-middle attack, bypassing existing prevention systems and exfiltrating critical data. The company needed to protect its intellectual property and improve its detection capabilities to identify and respond to subtle, in-network attacks, phishing attempts, and advanced threats. The infosec team was overwhelmed with numerous alerts and suspicious emails, making it difficult to investigate all potential threats. The company required a solution that could provide reliable insights into threats, reduce false positives, and enhance their overall security posture across multiple locations worldwide.
To ensure full coverage, the organization deployed the Attivo ThreatDefend Deception and Response Platform on all the VLANs in its network, specifically to detect man-in-the-middle and lateral movement attacks. The infosec team also took full advantage of the analysis engine provided by the ThreatDefend Platform to correlate attack information more efficiently and to produce forensic reports. In addition, they automated the phishing email analysis process, giving them a consistent way to analyze suspect emails and ensuring that every submitted sample is analyzed. The team was also able to bring its alert volume under control, since every alert from the Attivo solution is based on engagement (an interaction with the deception environment) and therefore represents either a threat or a misconfiguration that could become an attacker entry point. Because the organization has many locations, it needed a solution able to protect networks that are physically very far apart. Using virtual versions of the ThreatDefend solution, they deployed deception technology across offices in three different countries spanning two continents, covering their manufacturing, design, and management offices. Given the efficiency of this solution, deployment was fast and did not require additional staff to operate a global deployment.
The information security team saves critical time through the automation of malware and suspicious email analysis.
The high-fidelity alerts provided by the ThreatDefend Platform allow the team to focus their attention on substantiated threats rather than false positives generated by other devices.
The infosec team is very pleased with the accurate, high-fidelity alerts and with the visibility into their network that was unachievable before they adopted deception technology.
The infosec team was receiving 45-50 suspicious emails a day.