Download PDF
Secureitsource
Technology Category
- Cybersecurity & Privacy - Endpoint Security
- Cybersecurity & Privacy - Identity & Authentication Management
Applicable Industries
- Finance & Insurance
Applicable Functions
- Business Operation
- Quality Assurance
Services
- System Integration
- Software Design & Engineering Services
The Challenge
A Financial Institution overwhelmed with the administrative privileges sprawled across their end-user environment needed a solution which would reduce the attack surface these network entry points exposed without affecting the strict Service Level Agreement’s (SLA’s) they have with their customers. With thousands of applications in use, the company’s immediate need was to remove local administrative rights from end-user machines. This was necessary to prevent end-users from granting themselves privileged access to applications they hadn’t been authorized to use. Since both Windows and Mac computers were being used to access applications, they needed a solution that would account for both operating systems. Beyond reducing insider risk, the lack of controls around local privilege management could also make it easy for attackers to establish a foothold in the company through these machines, escalate privileges and move laterally across the environment until a jackpot of data is discovered that can be exfiltrated outside of the network. To add to this, the institution needed to implement a simple process for their users to request access to the applications they may have had unrestricted access to previously, but are now being restricted by the solution. The goal was to keep the users with the minimum rights they needed to do their day to day tasks.
About The Customer
The customer is a large financial institution with over 10,000 employees. They operate in the consumer financial industry and are responsible for managing a vast array of financial services and products. The institution is highly regulated and must adhere to strict Service Level Agreements (SLAs) with their customers. They have a complex IT environment with thousands of applications in use, accessed by both Windows and Mac computers. The institution faced significant challenges with administrative privileges sprawled across their end-user environment, which posed a substantial security risk. They needed a solution to reduce the attack surface without affecting their SLAs and to manage local administrative rights effectively. The institution sought to implement a solution that would allow end-users to stay productive while ensuring robust security measures were in place.
The Solution
SecureITsource partnered with the financial institution to implement CyberArk’s Endpoint Privilege Manager solution. This solution was chosen to take control of the privilege issue while allowing end-users to stay productive. SecureITsource analyzed the company’s requirements and recommended CyberArk Endpoint Privilege Manager as the solution of choice. After reviewing the functionality of CyberArk, the company realized that beyond controlling privilege escalation, the detailed device and application inventories would be a large improvement to their security operations. During the implementation, the company’s security engineers found that the Endpoint Privilege Manager’s “monitor-only” mode was crucial to the project’s success as they were able to deploy the solution into production while simultaneously testing policies. This allowed SecureITsource and the company to test the impact of the access policies without affecting anything in the environment, ultimately releasing a production-tested solution in a short time frame. SecureITsource utilized its understanding of the CyberArk solution as well as role-based access control (RBAC) to design access policies for standard users, developers, desktop support users, and more. This granted the correct user’s access to the applications they needed on day one and reduced the need for users to request access overall. Moreover, SecureITsource worked to integrate Endpoint Privilege Manager with the company’s existing SIEM solution – delivering another boost to the company’s security operations by providing detailed logs and metrics of privileged activity throughout the organization.
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
Real-time In-vehicle Monitoring
The telematic solution provides this vital premium-adjusting information. The solution also helps detect and deter vehicle or trailer theft – as soon as a theft occurs, monitoring personnel can alert the appropriate authorities, providing an exact location.“With more and more insurance companies and major fleet operators interested in monitoring driver behaviour on the grounds of road safety, efficient logistics and costs, the market for this type of device and associated e-business services is growing rapidly within Italy and the rest of Europe,” says Franco.“The insurance companies are especially interested in the pay-per-use and pay-as-you-drive applications while other organisations employ the technology for road user charging.”“One million vehicles in Italy currently carry such devices and forecasts indicate that the European market will increase tenfold by 2014.However, for our technology to work effectively, we needed a highly reliable wireless data network to carry the information between the vehicles and monitoring stations.”
Case Study
Safety First with Folksam
The competitiveness of the car insurance market is driving UBI growth as a means for insurance companies to differentiate their customer propositions as well as improving operational efficiency. An insurance model - usage-based insurance ("UBI") - offers possibilities for insurers to do more efficient market segmentation and accurate risk assessment and pricing. Insurers require an IoT solution for the purpose of data collection and performance analysis
Case Study
Smooth Transition to Energy Savings
The building was equipped with four end-of-life Trane water cooled chillers, located in the basement. Johnson Controls installed four York water cooled centrifugal chillers with unit mounted variable speed drives and a total installed cooling capacity of 6,8 MW. Each chiller has a capacity of 1,6 MW (variable to 1.9MW depending upon condenser water temperatures). Johnson Controls needed to design the equipment in such way that it would fit the dimensional constraints of the existing plant area and plant access route but also the specific performance requirements of the client. Morgan Stanley required the chiller plant to match the building load profile, turn down to match the low load requirement when needed and provide an improvement in the Energy Efficiency Ratio across the entire operating range. Other requirements were a reduction in the chiller noise level to improve the working environment in the plant room and a wide operating envelope coupled with intelligent controls to allow possible variation in both flow rate and temperature. The latter was needed to leverage increased capacity from a reduced number of machines during the different installation phases and allow future enhancement to a variable primary flow system.
Case Study
Automated Pallet Labeling Solution for SPR Packaging
SPR Packaging, an American supplier of packaging solutions, was in search of an automated pallet labeling solution that could meet their immediate and future needs. They aimed to equip their lines with automatic printer applicators, but also required a solution that could interface with their accounting software. The challenge was to find a system that could read a 2D code on pallets at the stretch wrapper, track the pallet, and flag any pallets with unread barcodes for inspection. The pallets could be single or double stacked, and the system needed to be able to differentiate between the two. SPR Packaging sought a system integrator with extensive experience in advanced printing and tracking solutions to provide a complete traceability system.
Case Study
Transforming insurance pricing while improving driver safety
The Internet of Things (IoT) is revolutionizing the car insurance industry on a scale not seen since the introduction of the car itself. For decades, premiums have been calculated using proxy-based risk assessment models and historical data. Today, a growing number of innovative companies such as Quebec-based Industrielle Alliance are moving to usage-based insurance (UBI) models, driven by the advancement of telematics technologies and smart tracking devices.
Case Study
MasterCard Improves Customer Experience Through Self-Service Data Prep
Derek Madison, Leader of Business Financial Support at MasterCard, oversees the validation of transactions and cash between two systems, whether they’re MasterCard owned or not. He was charged with identifying new ways to increase efficiency and improve MasterCard processes. At the outset, the 13-person team had to manually reconcile system interfaces using reports that resided on the company’s mainframe. Their first order of business each day was to print 20-30 individual, multi-page reports. Using a ruler to keep their place within each report, they would then hand-key the relevant data, line by line, into Excel for validation. “We’re talking about a task that took 40-80 hours each week,” recalls Madison, “As a growing company with rapidly expanding product offerings, we had to find a better way to prepare this data for analysis.”