A Global Healthcare Company
CASE STUDY

“The project was completed at less than half the price and half the time that we had anticipated. We were impressed by how well Seculert scaled up to support all our remote sites.”
Company’s CISO

DESCRIPTION: A global company with more than 50 sites worldwide
LOCATION: United States

OVERVIEW
When it comes to a company with multiple sites scattered all over the world, protecting a distributed network from APTs in an efficient, cost-effective way is a significant challenge. Securing a remote site is much more than just purchasing an additional appliance - it also means retaining and training IT personnel to deploy and manage it. A global advertising company discovered that the cost of APT protection can be exorbitant.
THE CHALLENGE
This company originally decided to start on a small scale by securing their headquarters plus a few regional offices. Once the headquarters and the regional offices were set up with on-premises APT appliances, it became clear that protecting all the other remote sites would require a significantly larger budget than they had originally allocated. Apart from purchasing the devices, the company understood that it also needed trained, local IT personnel at each site. Furthermore, after the initial deployment, the company realized that their strategy would involve processing massive amounts of data, including an overwhelming amount of false positives, coming from the newly implemented APT appliances. Initially, the company had planned to use its central SIEM solution to collect the gateway traffic logs from each of the remote appliances. But the time it took to relay the data from the remote sites to the SIEM, analyze it and reconfigure the remote firewalls was a problem.
The cost and overhead of protecting their remote sites was turning into a roadblock. The company started looking for a different type of solution that:
Detects compromised endpoints and devices no matter where they are located
Does not require an on-premises appliance for every remote office
Deploys quickly and easily from a centralized location across multiple sites worldwide, yet does not route all traffic through a central location
Doesn’t require additional staff or specialized training

THE SOLUTION
The company decided to try Seculert’s proactive Botnet Interception and Automated Traffic Log Analysis technologies. During set-up, the IT security team defined all internal and external facing domains and web-based portals. Meanwhile, a member of IT at headquarters easily integrated Seculert’s cloud-based service with the company’s SIEM solution using the Seculert API. The IT security team also chose to upload proxy logs from their existing next-generation firewall and proxies for analysis using the Seculert API.
Setup took less than ten minutes.

RESULTS
The solution immediately identified an endpoint at a remote office that was communicating with known command and control servers (C&C). When the proxy logs were automatically analyzed, Seculert discovered a targeted attack by identifying that an internal computer was communicating with C&C servers outside normal business hours and stealing proprietary information from the corporate network. Both the infected endpoints and the data expropriation had been missed by the company’s existing anti-malware and SIEM solutions.
The company used the Seculert API to go from detection to active prevention and mitigation. Seculert pinpointed the infected endpoints and communicated them to the SIEM system. It also pushed instructions to the firewalls at all of their offices to block this endpoint and, further, to block attacks with the same characteristics. This case was then escalated to the appropriate internal IT team that approached the user and cleaned the infected device. All infected endpoints were cleaned before firewall restrictions were removed.

THE BENEFITS
Within just one quarter, the company protected all of their sites from advanced malware, APTs and zero-day attacks. The projected cost and timeframe for the project were reduced by 50%. Since Seculert is cloud-based, it discovers compromised endpoints at headquarters and at all of their satellite offices around the world. Quickly and easily, the company was able to reduce the risk of data and credential loss and detect suspicious activity from all web-based endpoints. All of this coverage is achieved through a simple integration with the SIEM at headquarters.
Full view of security threats
Real-time detection and alerts using cloud-based infrastructure
Uncovers threats that have bypassed other security systems
No false positives due to external intelligence from live botnets
A complete SaaS solution that can be set up in minutes to provide immediate results and ongoing data intelligence
“The project was completed at less than half the price and half the time that we had anticipated. We were impressed by how well Seculert scaled up to support all our remote sites.”

United States: 2880 Lakeside Drive, Ste 228, Santa Clara, CA 95054. Tel: +1 408 560 3400
Israel: 6 Efal Street, P.O. Box 3970, Petach Tikvah, IL 4952801. Tel: +972 3 919 3366
Toll Free (US/Canada): +1 855 732 8537. Tel (UK): +44 203 355 6444. Fax: +972 3 919 3636
www.seculert.com
COPYRIGHT © 2014