下载PDF

实例探究 > Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

Regional Bank Selects Attivo Networks® Deception Technology to Close Detection Gaps

技术

网络安全和隐私 - 端点安全
网络安全和隐私 - 网络安全
网络安全和隐私 - 安全合规

适用行业

金融与保险

适用功能

商业运营

用例

资产健康管理 (AHM)
入侵检测系统
远程资产管理

服务

系统集成
培训

挑战

Penetration testing conducted by a 3rd party red team revealed security gaps in several areas of detection and visibility. The financial institution wanted to improve their detection and response capabilities against insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The organization decided to pilot the ThreatDefend platform in their production environment and planned to roll deception out to their entire infrastructure pending the results of the pilot program. Following a successful pilot, the Information Security team saw immense value in the solution and chose to move forward with a full, enterprise-wide deployment the following fiscal year. The organization had a small Information Security team with limited resources, which required tools that met their needs without adding to their workload. Ideally, they wanted to reduce the time it took to detect an attacker, leverage automation to improve their efficiency, gather improved forensic information, and streamline incident response. Any new solution was also required to efficiently scale to meet the security and limited staffing needs of their remote branch offices.

关于客户

The customer is a regional commercial financial institution spanning five US states. This organization operates multiple branch locations and has a small Information Security team with limited resources. They are focused on improving their detection and response capabilities against various cyber threats, including insider threats, Man in the Middle (MitM) attacks, and adversary internal reconnaissance. The institution is committed to enhancing its security posture without adding significant strain to its existing resources. They are looking for solutions that can provide comprehensive visibility, efficient threat detection, and automated incident response to protect their extensive network of branch offices.

解决方案

The Attivo Networks ThreatDefend platform satisfied all of their requirements to provide visibility and insight into threats that had bypassed their perimeter defenses. Additionally, by leveraging the platform’s automated attack correlation features and native integrations, they were able to generate high-fidelity alerts, concise reporting, and automated incident response actions to drastically improve their capabilities with minimal impact on their resources. The organization started with a staged rollout that included a production-scale pilot and then moved into an enterprise-wide deployment. The ThreatDefend platform includes several components: BOTsink as the foundation, ThreatStrike for endpoint deception with deceptive credentials and other lures, ThreatDirect to extend decoys into branch offices, and ThreatPath to identify potential attack path routes of compromise. These components work together to provide a comprehensive deception strategy that enhances the organization's security posture.

运营影响

The organization saw immediate improvements in asset visibility, including exposed credential vulnerabilities with the ThreatPath visualization tool.
The security team found the deployment to be intuitive and easy to use, successfully deploying decoys before the scheduled Attivo Networks Customer Care Team arrived to assist.
After a successful deployment, the Information Security team saw major improvements in visibility and detection and were able to easily fit the ThreatDefend solution into their existing security architecture.

数量效益

The organization saw immediate improvements in asset visibility.
The deployment was intuitive and easy to use, allowing for successful decoy deployment before scheduled assistance.
Accurate alerts are expected to reduce mean time-to-detection.