Download PDF
Case Studies > Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

Technology Category
  • Cybersecurity & Privacy - Endpoint Security
  • Cybersecurity & Privacy - Network Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Finance & Insurance
Applicable Functions
  • Business Operation
Use Cases
  • Asset Health Management (AHM)
  • Intrusion Detection Systems
  • Remote Asset Management
Services
  • System Integration
  • Training
The Challenge
Penetration testing conducted by a 3rd party red team revealed security gaps in several areas of detection and visibility. The financial institution wanted to improve their detection and response capabilities against insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The organization decided to pilot the ThreatDefend platform in their production environment and planned to roll deception out to their entire infrastructure pending the results of the pilot program. Following a successful pilot, the Information Security team saw immense value in the solution and chose to move forward with a full, enterprise-wide deployment the following fiscal year. The organization had a small Information Security team with limited resources, which required tools that met their needs without adding to their workload. Ideally, they wanted to reduce the time it took to detect an attacker, leverage automation to improve their efficiency, gather improved forensic information, and streamline incident response. Any new solution was also required to efficiently scale to meet the security and limited staffing needs of their remote branch offices.
About The Customer
The customer is a regional commercial financial institution spanning five US states. This organization operates multiple branch locations and has a small Information Security team with limited resources. They are focused on improving their detection and response capabilities against various cyber threats, including insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The institution is committed to enhancing its security posture without adding significant strain to its existing resources. They are looking for solutions that can provide comprehensive visibility, efficient threat detection, and automated incident response to protect their extensive network of branch offices.
The Solution
The Attivo Networks ThreatDefend platform satisfied all of their requirements to provide visibility and insight into threats that had bypassed their perimeter defenses. Additionally, by leveraging the platform’s automated attack correlation features and native integrations, they were able to generate high-fidelity alerts, concise reporting, and automated incident response actions to drastically improve their capabilities with minimal impact on their resources. The organization started with a staged rollout that included a production-scale pilot and then moved into an enterprise-wide deployment. The ThreatDefend platform includes several components: BOTsink as the foundation, ThreatStrike for endpoint deception with deceptive credentials and other lures, ThreatDirect to extend decoys into branch offices, and ThreatPath to identify potential attack path routes of compromise. These components work together to provide a comprehensive deception strategy that enhances the organization's security posture.
Operational Impact
  • The organization saw immediate improvements in asset visibility, including exposed credential vulnerabilities with the ThreatPath visualization tool.
  • The security team found the deployment to be intuitive and easy to use, successfully deploying decoys before the scheduled Attivo Networks Customer Care Team arrived to assist.
  • After a successful deployment, the Information Security team saw major improvements in visibility and detection and were able to easily fit the ThreatDefend solution into their existing security architecture.
Quantitative Benefit
  • The organization saw immediate improvements in asset visibility.
  • The deployment was intuitive and easy to use, allowing for successful decoy deployment before scheduled assistance.
  • Accurate alerts are expected to reduce mean time-to-detection.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.