
Major Financial Services Company Chooses Deception for Visibility and Forensics

Technology Category
  • Analytics & Modeling - Machine Learning
  • Cybersecurity & Privacy - Endpoint Security
  • Cybersecurity & Privacy - Network Security
Applicable Industries
  • Finance & Insurance
Applicable Functions
  • Business Operation
Use Cases
  • Intrusion Detection Systems
  • Remote Asset Management
Services
  • System Integration
  • Training
The Challenge
Information Security senior management sought to gain better visibility into their diverse and international network environment and address the often-challenging question of whether their security controls were working reliably. They needed to understand what threats had bypassed these controls and whether these threats were doing anything that could negatively impact operations. With a diverse infrastructure and assets in numerous countries, gaining adequate visibility into remote locations and providing consistent data security compliance was especially challenging. The specific restrictions in some regions posed additional challenges requiring unique solutions. The organization needed a solution that would be easy to deploy and manage, even in remote locations, and would not unduly increase their information security team’s workload.
About The Customer
The customer is a large financial services company with a diverse and international network environment. The company operates across corporate and remote offices, facing the challenge of fully understanding what threats were within their environment and how likely they were to cause harm. Despite having a mature and well-implemented security posture, the company needed better visibility and early threat detection capabilities. The Vice President of Cybersecurity was particularly focused on gaining insights into the attacker’s entry points, methods, and motivations. The company required a solution that could be easily deployed and managed across its global operations without adding significant workload to its information security team.
The Solution
The organization selected the Attivo Networks® ThreatDefend™ platform, utilizing the BOTsink® server to deploy decoys, ThreatDirect™ to project decoys into remote locations, and ThreatStrike™ to place deception credentials and other assets on the endpoints. The organization used staged rollouts to test detection strategies and the application of deception techniques. The deployment process was simplified with the use of machine learning, making it easy to prepare, deploy, and update deceptions while maintaining environmental authenticity and attractiveness for an attacker. The ThreatDefend platform provided global early threat detection and the ability to extend deception into remote locations easily and at scale, without requiring additional hardware. The platform’s ability to gather adversary intelligence, including TTPs, IOCs, and threat intelligence, provided insight into the attacker’s entry point, methods, and motivation.
Operational Impact
  • The organization added deception technology to proactively achieve visibility, especially in remote locations, and provide improved reporting and forensics capability across their widely varied sites.
  • The ThreatDefend platform was easy to deploy and maintain at scale, providing high-fidelity, accurate alerts.
  • Deception technology gave them 'eyes inside the network' visibility they were not getting from any other solutions.
