
Semiconductor Company Implements Deception to Stop Man-in-the-Middle Attacks

Technology
  • Cybersecurity & Privacy - Intrusion Detection
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Semiconductors
Applicable Functions
  • Business Operations
Use Cases
  • Intrusion Detection System
Services
  • System Integration
  • Training
The Challenge
The organization had been infiltrated by a Chinese hacker group using a man-in-the-middle attack that bypassed their prevention systems and exfiltrated critical data. The security organization was instructed to improve its detection capabilities and gain more reliable insight into threats that steal credentials or use social engineering to penetrate the network. They needed a solution that could detect subtle, in-network attacks as well as phishing, and provide advanced threat protection. The biggest challenge this organization faced was manpower. In addition to the numerous alerts generated by their prevention and other security devices, the infosec team was receiving 45-50 suspicious emails a day. The team was so severely burdened that it was rarely able to work through the backlog and investigate all of the potential threats it was alerted to.
About the Customer
A global semiconductor manufacturer faced significant cybersecurity challenges, particularly from a Chinese hacker group that had successfully executed a man-in-the-middle attack, bypassing existing prevention systems and exfiltrating critical data. The company needed to protect its intellectual property and improve its detection capabilities to identify and respond to subtle, in-network attacks, phishing attempts, and advanced threats. The infosec team was overwhelmed with alerts and suspicious emails, making it difficult to investigate every potential threat. The company required a solution that could provide reliable insight into threats, reduce false positives, and strengthen its overall security posture across multiple locations worldwide.
The Solution
To ensure full coverage, the organization deployed the Attivo ThreatDefend Deception and Response Platform on all the VLANs in its network, specifically to detect man-in-the-middle and lateral movement attacks. The infosec team also took full advantage of the analysis engine provided by the ThreatDefend Platform to correlate attack information more efficiently and to produce forensic reports. In addition, they automated the phishing email analysis process, giving them a consistent way to analyze suspect emails and ensuring that every submitted sample is analyzed. The team was also able to bring its alert volume under control, since the Attivo solution's alerts were all based on engagement with the deception assets and each represented either a real threat or a misconfiguration that could become an attacker entry point. Because the organization has many locations, it needed a solution that could protect networks that are physically very far apart. Using virtual versions of the ThreatDefend solution, the team deployed deception technology across offices in three countries spanning two continents, covering its manufacturing, design, and management offices. Given the efficiency of the solution, deployment was fast and did not require additional staff to operate the global deployment.
Operational Impact
  • The information security team saves critical time through the automation of malware and suspicious email analysis.
  • The high-fidelity alerts provided by the ThreatDefend Platform allow the team to focus its attention on substantiated threats rather than on false positives generated by other devices.
  • The infosec team is very pleased with the accurate, high-fidelity alerts and with the visibility into its network that was unachievable before the adoption of deception technology.
Quantitative Benefit
  • The infosec team was receiving 45-50 suspicious emails a day.