X

Metro Bank, Britain’s first new High Street bank in over 100 years, was facing a significant challenge in improving employee productivity by enabling off-network access to Office 365 and Yammer. Despite having AirWatch Mobile Device Management (MDM) in place, the bank felt that the move was too risky due to the vital importance of protecting bank and customer data. The bank wanted to limit off-network access to corporate devices already managed with their AirWatch MDM deployment, but there was no straightforward way to enforce this policy with their existing tools. The bank's goal was to provide full access to Office 365 for corporate owned device users, on or off network, and to extend access to Yammer to personal device users. In the second phase, specific colleagues were to be given off-site access to the more-sensitive information within Dynamics CRM.

Drupal.org, a community of over a million developers, designers, trainers, strategists, coordinators, editors, and sponsors, faced a significant challenge with spam. Spammers created bogus accounts to post junk content on Drupal.org's website, which has a highly coveted Google PageRank of 9. This spam was damaging to the Drupal brand and risked lowering its PageRank value. The spam was not automated but posted by actual people, making it harder to mitigate. The staff and community volunteers had to spend considerable time manually identifying and removing spam, with some spending up to half their workday on this task. Additionally, the spammer accounts skewed the community engagement metrics, making it hard to gauge the actual growth and engagement of the community. The spam also took up unnecessary space in the database and backups.

PSCU, a credit union service organization, was facing a significant challenge in protecting its sensitive data from advanced targeted attacks. These attacks are multi-phased and designed to bypass the security perimeter, often targeting company employees as an entry point. PSCU had tokenization and encryption technology in place, but they understood that monitoring all access to sensitive information and responding to suspicious activity in real-time was crucial for enhancing their security posture. They needed a solution to monitor privileged users, who are often the prime target of advanced attacks, and locate unauthorized copies of databases. Additionally, PSCU wanted a dedicated malware detection solution to add to its layered defense strategy.

Partner Agent Inc., a leading innovator in the marriage services industry, was faced with the challenge of ensuring absolute security for its new B2B business initiatives. The company needed a security system that could be implemented with limited human resources, yet robust enough to safeguard web access and protect their extremely important customer information. The company was also looking for a reputable security vendor that could put their partners at ease. As the company expanded into B2B, it became imperative to have a Web Application Firewall (WAF) that offered absolute security. The company was entrusted with extremely personal details about its clients, making it crucial to have a reliable IT system as part of its business infrastructure. As the business underwent rapid expansion, the number of new features provided and their constant upgrading gave rise to new problems.

ALYN Woldenberg Family Hospital, Israel’s only pediatric rehabilitation facility, was facing a significant challenge in securing its website and customer database of over 70,000 patients. The hospital's IT team was particularly concerned about the security of their content management system (CMS), as they felt their existing cybersecurity vendor was not updating the security on their CMS frequently enough. This left them vulnerable to cyberattacks, a growing concern in the healthcare industry. The hospital also had to consider patient privacy and regulatory compliance in their search for a new cybersecurity solution. The cost-benefit ratio and the constraints of a small IT team meant they needed a managed system that was easy to integrate and required minimal upkeep. Initially hesitant to move to a cloud-based system due to strict government regulations, they were also concerned about the potential weak points in their special projects website, which was used for resource development and event coordination.

A leading global bank, operating in over 40 countries and serving over 38 million customers, was facing significant challenges in meeting key regulatory requirements such as the Monetary Authority of Singapore Technology Risk Management (MAS TRM), Reserve Bank of India (RBI) Guidelines, and Sarbanes-Oxley Act (SOX). The bank was using built-in auditing capabilities included with their databases to meet these requirements. However, these tools proved to be costly and unreliable, consuming 20% of their database processing power, requiring additional hardware and software purchases, and necessitating extra storage space for the massive volume of log data being collected. The bank also had to increase its IT headcount to manage the auditing system and run audit reports. The bank estimated that to make their in-house solution work effectively, it would cost them at least $100 million. Furthermore, the bank failed an audit due to their inability to produce consistent and repeatable audit reports that satisfied the different regulations.

The automotive retailer, operating hundreds of stores and websites, was facing a significant challenge with malicious bot traffic. Despite having multiple firewalls, appliances, and other mechanisms for blocking attacks, the company's nearly 100 web properties were frequently crashing due to bad bots attempting to scrape content. The bots were pulling an average of 8,000 pages per second for competitive data mining, causing the sites to crash frequently. The company was also struggling with managing blacklists and whitelists, which was proving to be an administrative nightmare. The situation was so severe that it was consuming the equivalent of one full-time employee (FTE). The company needed a solution that could intelligently block traffic, maintain the same service level from a performance standpoint, integrate seamlessly with their existing complex infrastructure, and work well with their existing monitoring tools.

A leading research university in the U.S. was seeking a robust security solution for their SharePoint system to protect it from both internal and external threats. The university, like many other higher education institutions, was focused on maintaining compliance with regulations such as FERPA, PCI, and HIPAA, and ensuring the security of their online presence. The Information Technology group at the university was responsible for securing the websites for the revenue-generating departments on campus. They used Microsoft SharePoint for their intranet portals and hosted public-facing websites for various services like student housing, campus parking, the university bookstore, dining programs, and more. These sites served as self-service commerce portals for its 30,000 undergraduate and graduate students, necessitating deeper security assurance and greater visibility into the SharePoint environment. The university wanted to better understand the SharePoint security posture of both its external and internal deployments. They found that native SharePoint lacked the necessary security capabilities to protect a web-facing deployment that housed sensitive data like financial information, personal health information (PHI), and personally identifiable information (PII).

AARP, an organization dedicated to improving the quality of life for people over 50, offers a range of products, services, and resources to its millions of members. Many of these services involve the use of personally identifiable information (PII), necessitating a robust security-in-depth cyber defense program to protect the data of AARP members, volunteers, and employees. AARP was in search of a runtime application self-protection (RASP) solution that could safeguard its Amazon Web Services (AWS)-hosted applications from attacks in its production environments. The organization had identified 31 Java applications for initial RASP implementation, but also needed a solution that could accommodate potential future transitions to a microservices-based architecture. Additionally, AARP required a RASP solution that would complement its existing security program, which includes vulnerability management, incident detection and response, and network defense.

Covelli Enterprises, the largest franchisee of Panera Breads and O’Charley’s restaurants, was facing a significant challenge with its web security. Despite maintaining a low online profile, the company's web servers were consistently targeted by IP addresses from foreign countries. These servers housed sensitive data, including web-based email accounts, company reports, and business intelligence. The potential exploitation of these servers could lead to consumers being lured with malicious web advertising. Covelli's initial solution, an IPS system, proved insufficient as there were numerous ways to bypass it. The company needed a more robust solution to block attacks from known malicious users, monitor web application traffic, block web page and malware injection, and prevent unauthorized access to specific web servers.

A leading online education services provider in the United States faced a significant challenge in protecting the Personally Identifiable Information (PII) of its students in non-production environments. These environments included application development, testing, and training, which required the use of student data. The challenge was to find a solution that could securely de-identify student information before sharing it for these purposes. The need for such a solution was driven not only by the priority of ensuring the security of student information but also by the need to comply with the Family Educational Rights and Protection Act (FERPA). The client was also under pressure to maintain the integrity of its brand and uphold a track record of secure student data. The ideal solution needed to be time and resource-efficient, support the complexity of their underlying data, and mask it intelligently so that the end result looks and acts like the original data. The client also sought a vendor with a strong consulting practice to leverage data masking experts and accelerate the project.

Banco Popular Dominicano (BPD), a leading privately owned bank in the Dominican Republic, was facing challenges with its complex database environments. The databases were on separate servers, shared and consolidated due to the high cost of infrastructure. The existing solution was not meeting the bank's needs as it required too much time and resources to operate, and lacked the capacity to scale to meet the high demands of the production environment. The bank needed a solution that would not negatively affect any production process and could run without the need for additional equipment and personnel.

Intuition Systems, a high-volume electronic payment processor, was faced with the challenge of meeting the new PCI requirement for Web Application protection. As a Level 1 Payment Card Industry Service Provider, they had the option to either install application layer firewall technology or go through a secure code vulnerability assessment process for each of their custom applications. At the time, six of their custom applications processed credit cards and were subject to PCI. They expected this number to grow to 10 or more within the year. The process of obtaining a code vulnerability assessment of each custom application would be time-consuming and expensive, and would restrain their ability to add applications and scale their business. Therefore, they decided that the secure code assessment option did not fit their business model. They needed a solution that was scalable, easy to implement and manage, and would not impact their applications and IT infrastructure.

Pelephone Communications Ltd., a leading communications company in Israel, was facing a significant challenge in managing and securing its vast amount of customer and financial data. The company's Chief Security Officer, Yoni Elias, was keen on ensuring that all sensitive data was accessible only on a business need-to-know basis. To enhance Pelephone’s security posture and meet compliance requirements, the company needed granular visibility into file and folder permissions, easy and automated data ownership identification, scheduled and on-demand access audit reports, and real-time policies to alert on data usage that violated standard corporate practices. However, their existing data governance system, particularly the reporting and alerting capabilities, had significant drawbacks that were driving operational costs higher.

The client, a global aerospace and defense organization, faced a significant challenge in enhancing the privacy and security of its database testing to safeguard all copies of live data within the organization. As one of the largest U.S. exporters, the company needed to maintain reliable data controls to protect its reputation and the interests of its customers, vendors, and employees. The client's goal was to find a data masking solution that would improve security without compromising the efficiency of database projects that included software development, integration testing, and offshoring. The challenge for Imperva was to ensure that the database copies were realistic for accurate testing and development, and to achieve secure and realistic data masking across multiple and varying data stores and complex applications.

NTT TechnoCross, a subsidiary of Nippon Telegraph and Telephone (NTT), is a company that offers advanced IT services and technology to its customers. The company's website serves as the central source of information, delivering the brand directly to customers and helping build customer loyalty. Any interruption in the operation of the website has a large impact, with the potential of a loss of trust that extends beyond the company to the NTT Group as a whole. As a company that builds its branding on security technology, it is imperative that NTT TechnoCross protects itself against cyberattacks as any damage would bear a significant loss in its brand value. When the time came for the company to renew its website, selecting a solution to protect the site was crucial for the company. The company was already facing growing demand for cloud computing in business at the time. With technical support for customers’ cloud computing and security as one of its core offerings, NTT TechnoCross considered using cloud-based services for its own renewed site. At the same time, it made the decision to switch from in-house operations to the use of services in security as well.

A Fortune 500 IT services and business software company, with over 20,000 employees, provides data center hosting services for its own financial applications and for third-party web applications. Many of these applications are internet-facing and regulated by the Sarbanes-Oxley and Gramm-Leach-Bliley Acts, requiring the company to protect sensitive data. The company faced challenges in maintaining security due to the dynamic and highly-customized nature of its applications. Continual scanning of applications after every change was burdensome and required significant coordination between application developers and security engineers. The company needed a solution that would not impact release schedules, provide instant vulnerability remediation, and integrate seamlessly into their virtualized environment.

DigiCert, a provider of scalable TLS/SSL and PKI solutions, was already using Imperva’s SaaS Web Application Firewall (WAF) to protect their on-premises applications when they began migrating some of their workloads to Amazon Web Services (AWS). However, they were using another vendor for DDoS mitigation on AWS, which they found unsatisfactory due to excessive scrubbing of traffic and blocking of legitimate traffic. As DigiCert's usage of AWS grew, they realized the need for a new security solution that could manage risk, monitor all traffic, rapidly identify threats, and only allow valid traffic to access their applications. They wanted a solution from a single provider that could deliver both WAF protection and DDoS mitigation across their entire hybrid environment. The solution also needed to lower false positives, assure rapid response to minimize potential business interruption, and automate as much of the security process as possible due to time and resource constraints.

Discovery, Inc., a global leader in non-fiction entertainment, faced a significant challenge in managing large amounts of digital customer and company data due to its popularity. The data was subject to compliance regulations and regular audits, and the company needed clearer visibility into their data estate. The challenge was compounded by several factors, including a merger and personnel changes in 2018, which left much of the older data inaccessible to new toolsets. Initially, Discovery, Inc. used Imperva’s SecureSphere to pinpoint certain schemas and security controls they needed to address, and to then adopt those security controls as required. However, as the company expanded into a more cloud-native infrastructure, they needed to extend their compliance requirements coverage to both on-premises and cloud-native technologies.

The Tokyo Institute of Technology, Japan’s leading science and technology university, was facing significant security threats to the content of nearly 400 websites operated by its on-campus hosting service. The university's Global Scientific Information and Computing Center (GSIC) department, responsible for managing and maintaining the institute’s IT environments, was under constant attack. With limited security professional resources within the department, the university was in dire need of a robust, easy-to-deploy solution that could effectively protect their web content. The challenge was further compounded by the extensive incident response workload of the security management team and the limited human resources of the security operation team.

Scoot Airlines, a low-cost arm of the Singapore Airlines Group, was facing a significant challenge with bad bots abusing their booking engine. Unauthorized OTAs, competitors, and meta search sites were using sophisticated web scraping bots to exploit the business logic of Scoot’s booking engine. This led to skewed look-to-book ratios and site slowdowns. The bot traffic was also depriving legitimate customers of the opportunity to book air travel on Scoot’s website. Furthermore, Scoot was dealing with a high volume of traffic due to novice software development practices at its travel partners. The bot traffic was causing slowdowns across passenger-facing systems, including flight check-ins, which could trigger delays in departure times. The bot incidents were also impacting staff resources across multiple departments.

The Israel Ministry of Finance e-Government Initiative, also known as the Tehila project, was faced with the challenge of protecting sensitive applications and data from cyber-terror attacks while ensuring 24/7 access for visitors. The project was responsible for providing all government ministries and institutions with secure Internet services. The primary motive was to prevent cyber-terror attacks on sensitive applications and data. Tehila hosts and secures dozens of government web applications and needed to build a secure platform for these applications and data to appear on the Internet. Before Tehila, the sites were hosted by private ISPs at a very low security level and some were breached. The solution needed to be easy to deploy, not burden the staff with excessive maintenance, and provide reporting with a view into what was happening in their applications.

PayFlex, a third-party administrator that works directly with employers to administer their benefit spending accounts, COBRA and Transit programs, faced a significant security challenge. The company provides consumers with a specialized debit card for medical transactions, which necessitates the storage of debit card numbers and claim data. This convenience, however, is balanced by potential security and regulatory considerations. PayFlex has a responsibility to uphold the highest security standards to protect its customers and their employees. Regulatory compliance is a major consideration for PayFlex, as it must contend with PCI and HIPAA standards. PCI mandates basic network security controls to protect cardholder data, and HIPAA standards require that enterprises prevent health information from being leaked. The liability for a breach is expensive, reaching up to $1.5 million since the implementation of the HITECH Act.