While one group seeks to protect customers and their data, the other seeks to exploit them. Without visibility into the network, organizations are challenged to meet their ultimate goal: Stop advanced threats that put data at risk. For a U.S.- based financial services institution offering lines of credit, loans and investment banking services, this lack of visibility was not only making it difficult to meet PCI-DSS and SOX requirements, it was also costing them their customers’ credit card information. Despite having a highly robust security environment, including application firewalls, network-based malware sandboxing, next-gen firewalls and IPS, host AV and application whitelisting, among other technologies, the organization still saw confidential information being exfiltrated from their environment.
“We are under every regulation you can think of, and we like to stay ahead of that,” said the company’s security architect. “But we had some indication that credit card numbers were leaving our environment. We knew there was some command-and-control activity, but we couldn’t see down to the host level to stop it.”
Like many organizations today, the financial services institution found that traditional security gateway technologies like IPS and firewalls do not prevent advanced persistent threats (APTs) from entering the network, and becoming a breach. As a result, threats were coming in left and right, and the incident response team was working overtime in an attempt to remediate them. But a lack of visibility and understanding of the severity of the threats impacted the effectiveness of their efforts.
“Network Insight provides me, as a security architect, with a level of visibility that I’ve never had before. I don’t have to try to guess at the effectiveness of my security architecture anymore.”
With the ability to discover suspicious network behavior, corroborate evidence of an attack and prioritize remediation efforts-based on risk, Network Insight filled a need like no other solution. The financial services company deployed Core Security Network Insight globally, with a keen focus on 24 by 7 monitoring and coverage across their entire network. As a result, the company has been able to improve both their detection rate of compromised devices, as well as improve incident response time. “Network Insight provides me, as a security architect, with a level of visibility that I’ve never had before. I don’t have to try to guess at the effectiveness of my security architecture anymore. It used to be this huge blind spot. I knew there was stuff in there, but I couldn’t see it. Core Security has a significant unique detection rate, showing me compromises that none of my other systems are seeing, and providing me corroborating evidence that a device truly has been compromised,” said the company’s security architect. Core Security Network Insight doesn’t stop there. In addition to providing visibility into what’s occurring on the network, the advanced threat protection solution provides understanding. Actionable intelligence on active criminal activity expedites incident response to improve productivity and reduce the threat factor.
"It took only preliminary research to know that Core Security was the appropriate solution to round out the company’s threat defense."
Before implementing Core Security Network Insight, the incident response team was “crazy busy all the time,” said the security architect. “Now the team has time to work on strategically more significant projects, like improving the incident response process.” “Network Insight is incredibly user friendly day-to-day. I just pop into the assets view, look at what’s gone off in the last 12 hours and send anything really nasty off to the incident response team. What used to take all day now takes me about an hour, maybe two at most,” said the company’s threat researcher. The organization has also improved its audit findings, which is extremely important in a highly regulated industry. “Our auditors are happy, because Network Insight provides a good crosscheck across all of the security recommendations they’ve made in the past,” said the security architect.