
Case Study: A Global Healthcare Company


“The project was completed at less than half the price and half the time that we had anticipated. We were impressed by how well Seculert scaled up to support all our remote sites.”

Company’s CISO

OVERVIEW

A global company with more than 50 sites worldwide

LOCATION

United States

DESCRIPTION

When it comes to a company with multiple sites scattered all over the world, protecting a distributed network from APTs in an efficient, cost-effective way is a significant challenge. Securing a remote site is much more than just purchasing an additional appliance - it also means retaining and training IT personnel to deploy and manage it. A global advertising company discovered that the cost of API protection can be exorbitant.

THE CHALLENGE

This company originally decided to start on a small scale by securing their headquarters plus a few regional offices. Once the headquarters and the regional offices were set up with on-premises APT appliances, it became clear that protecting all the other remote sites would require a significantly larger budget than they had originally allocated. Apart from purchasing the devices, the company understood that it also needed trained, local IT personnel at each site. Furthermore, after the initial deployment, the company realized that their strategy would involve processing massive amounts of data, including an overwhelming amount of false positives, coming from the newly implemented APT appliances. Initially, the company had planned to use its central SIEM solution to collect the gateway traffic logs from each of the remote appliances. But the time it took to relay the data from the remote sites to the SIEM, analyze it and reconfigure the remote firewalls was a problem.

The cost and overhead of protecting their remote sites were turning into a roadblock. The company started looking for a different type of solution that:

- Detects compromised endpoints and devices no matter where they are located
- Does not require an on-premises appliance for every remote office
- Deploys quickly and easily from a centralized location across multiple sites worldwide, yet does not route all traffic through a central location
- Doesn’t require additional staff or specialized training

THE SOLUTION

The company decided to try Seculert’s proactive Botnet Interception and Automated Traffic Log Analysis technologies. During set-up, the IT security team defined all internal and external facing domains and web-based portals. Meanwhile, a member of IT at headquarters easily integrated Seculert’s cloud-based service with the company’s SIEM solution using the Seculert API. The IT security team also chose to upload proxy logs from their existing next-generation firewall and proxies for analysis using the Seculert API.

Setup took less than ten minutes.

RESULTS

The solution immediately identified an endpoint at a remote office that was communicating with known command and control servers (C&C). When the proxy logs were automatically analyzed, Seculert discovered a targeted attack by identifying that an internal computer was communicating with C&C servers outside normal business hours and stealing proprietary information from the corporate network. Both the infected endpoints and the data expropriation had been missed by the company’s existing anti-malware and SIEM solutions.

- Full view of security threats
- Real-time detection and alerts using cloud-based infrastructure
- Uncovers threats that have bypassed other security systems
- No false positives due to external intelligence from live botnets
- A complete SaaS solution that can be set up in minutes to provide immediate results and ongoing data intelligence


THE BENEFITS

Within just one quarter, the company protected all of their sites from advanced malware, APTs and zero-day attacks. The projected cost and timeframe for the project were reduced by 50%. Since Seculert is cloud-based, it discovers compromised endpoints at headquarters and at all of their satellite offices around the world. Quickly and easily, the company was able to reduce the risk of data and credential loss and detect suspicious activity from all web-based endpoints. All of this coverage is achieved through a simple integration with the SIEM at headquarters.

“The project was completed at less than half the price and half the time that we had anticipated. We were impressed by how well Seculert scaled up to support all our remote sites.”

The company used the Seculert API to go from detection to active prevention and mitigation. Seculert pinpointed the infected endpoints and communicated them to the SIEM system. It also pushed instructions to the firewalls at all of their offices to block this endpoint and, further, to block attacks with the same characteristics. This case was then escalated to the appropriate internal IT team that approached the user and cleaned the infected device. All infected endpoints were cleaned before firewall restrictions were removed.

United States: 2880 Lakeside Drive, Ste 228, Santa Clara, CA 95054. Tel: +1 408 560 3400

Israel: 6 Efal Street, P.O. Box 3970, Petach Tikvah, IL 4952801. Tel: +972 3 919 3366

Toll Free (US/Canada): +1 855 732 8537. Tel (UK): +44 203 355 6444. Fax: +972 3 919 3636

www.seculert.com

COPYRIGHT © 2014