A Core Security partner was contacted by a large institution with what is becoming an all too common problem: they had suffered a massive breach from an advanced persistent threat (APT), and they wanted to make sure it never happened again. Read on to find out how Network Insight proved to be the right advanced threat detection solution for their needs.
Making Changes After a Costly Breach
This institution discovered they had been breached when systems stopped working at multiple locations. The attackers were able to steal millions of dollars, and recovering was costing thousands more. The breach quickly became public knowledge, so the organization also suffered a devastating hit to their reputation.
The organization had already taken measures to protect themselves from infections and APTs by implementing an advanced threat detection tool. Frustratingly, their existing solutions did not catch the threat, even after the breach occurred. While they were eventually able to clear the infection, they wanted a way to ensure that they could detect threats before those threats caused such tremendous damage.
A Successful Proof of Concept
After initial conversations with our Core Security partner, the organization requested a proof of concept (POC) for Network Insight to ensure it could handle any type of attack. Engineers from both our partner organization and Core Security went to the site and installed Network Insight’s hardware—sensors that passively observe communications going to and from a network.
A few days later, the engineers met with the organization to go over the results of the POC. In less than two days, Network Insight detected four active threats that had not yet been uncovered by any of the other security solutions the organization used. They quickly decided to purchase and deploy Network Insight.
A Long-Term Solution
This institution continues to use Network Insight and has avoided any damage since. Ultimately, the organization now has confidence in the security of their essential assets, knowing Network Insight will continue to provide definitive proof of infection, delivering actionable information about known and unknown threats regardless of the infection’s source.