Case Studies > Manufacturer Protects Intellectual Property With ThreatDefend Platform

Manufacturer Protects Intellectual Property With ThreatDefend Platform

Customer Company Size

Large Corporate

Product

ThreatDefend Deception and Response Platform
BOTsink engagement servers
ThreatStrike deceptive credentials

Tech Stack

Deception Technology
Threat Analysis
Incident Response

Implementation Scale

Enterprise-wide Deployment

Impact Metrics

Cost Savings
Customer Satisfaction
Productivity Improvements

Technology Category

Cybersecurity & Privacy - Network Security
Cybersecurity & Privacy - Intrusion Detection
Cybersecurity & Privacy - Security Compliance

Applicable Industries

Semiconductors
Electronics

Applicable Functions

Business Operation
Quality Assurance

Use Cases

Intrusion Detection Systems
Cybersecurity
Remote Asset Management

Services

System Integration
Cybersecurity Services

About The Customer

The customer is a global semiconductor manufacturer with a significant investment in intellectual property, particularly in chip design within highly sensitive labs. The organization operates multiple locations across different continents, adding complexity and increasing the number of potentially exploitable endpoints for cyberattacks. The infosec team is particularly concerned about advanced threats that could penetrate their prevention systems and extract valuable information, especially through targeted stolen credential attacks against employees. The loss of critical intellectual property would not only reveal technological advancements but also diminish the company's competitive edge, significantly impacting their bottom line.

The Challenge

A major problem the organization had with their cyber security infrastructure was that they had extremely limited visibility into the subnets that contained their most critical data. If these subnets were breached, the team would have significant difficulties detecting the threat inside. Another challenge the organization was facing was the number of alerts that were generated by their other security devices. The alerts generated were not only high in volume, but many times were false positives or unsubstantiated. The impact that the alerts had on the team was that they were unable to conduct the research necessary on these alerts to decipher between substantiated alerts and false positives. Therefore, they could not be confident that if they escalated an alert it would not be a false positive and a waste of resources to investigate. A situation such as this is extremely problematic for any infosec team because it forces them to choose between wasting resources investigating false positives or hoping that their incident response tools will be good enough to remediate an advanced threat that had penetrated their system. Facing this choice, the team was not confident in their security controls to protect their critical intellectual property.

The Solution

The infosec team deployed the ThreatDefend Deception and Response Platform across multiple locations in their critical subnets to increase the visibility of in-network threats. As the team operationalized ThreatDefend deception, the visibility gap that had widened in their network immediately closed and their alerts were now substantiated so that threats could be quickly addressed. Within 30 minutes, they had complete visibility across their entire network and saw high-fidelity alerts that were previously unattainable. With immediate visibility, the team is now alerted to only the malicious activity inside of their network. They now had the visibility they were looking for to catch in-network threats with zero false positives. But the team needed a solution that could do more than just detect. Taking advantage of the power of the ThreatDefend™ solution to analyze threats and produce detailed attack forensics, the team has configured their network so that blocked URLs from their firewall are automatically redirected to the ThreatDefend platform for analysis. Letting the entire attack play out, the ThreatDefend captures all of the activity and relays the information in a variety of formats. The detailed forensics allow the infosec team to have more visibility into not only what an attack is doing, but how to better prevent it in the future.

Operational Impact

The organization has implemented multiple units in several networks and has fully operationalized the ThreatDefend platform. The results, in their words, have been magnificent. The ThreatDefend alerted the team to malicious activity inside of their subnet and quickly acted on the detailed alert. The team was then able to use the forensics gathered from the ThreatDefend platform to drastically increase their incident response time. The team was able to remediate the threat before any critical data was breached. Without the visibility into the threat that the ThreatDefend provided, it is likely that the team would not have detected the threat before it had exported critical assets. Another added benefit to the team was the ability to remove the debate about taking critical devices off-line. With the substantiated attack detail, the team was able to take the Attivo alerts and show irrefutably that the systems were infected and that they needed to be remediated. This also saved them a great deal of frustration and eliminated the need to do additional research to justify their actions.

Quantitative Benefit

Within 30 minutes, they had complete visibility across their entire network.
The ThreatDefend Platform provides early detection and saves time by generating only high-fidelity, actionable alerts.