华盛顿著名博物馆利用 Check Point 的 Consolidated Infinity 架构增强安全性
技术
- 基础设施即服务 (IaaS) - 混合云
- 基础设施即服务 (IaaS) - 公共云
适用行业
- 玻璃
- 国家安全与国防
适用功能
- 人力资源
- 维护
用例
- 库存管理
- 篡改检测
服务
- 云规划/设计/实施服务
关于客户
本案例研究中的客户是华盛顿特区的一家著名博物馆,负责记录、研究和解释历史。该博物馆已接待超过4000万参观者,其中包括99位国家元首和超过1000万学龄儿童。它拥有世界上最大的重大历史事件档案馆之一,重点关注其数字保存和存储。每年有来自 200 多个国家的超过 1650 万人访问该网站,该网站有 16 种语言版本。博物馆的系统受到来自世界各地的仇恨电子邮件、恶意社交媒体帖子以及日益复杂的第五代网络攻击的攻击。
挑战
华盛顿著名的博物馆负责记录、研究和解释历史,在保存和保护不可替代的文献、照片、视频和录音方面面临着重大挑战。该博物馆已接待了超过 4000 万参观者,其中包括 99 位国家元首和超过 1000 万学龄儿童,但一直受到第五代网络攻击的威胁。博物馆的系统受到仇恨电子邮件、恶意社交媒体帖子以及来自世界各地日益复杂的网络攻击的攻击。该博物馆还需要保护用户身份和凭证免遭帐户劫持,并在多供应商混合云环境中保护 SaaS 和托管应用程序的安全。安全团队面临的第一个挑战是管理和保护整个基础设施中的用户身份,其中员工和合作伙伴位于世界各地,对机构资产的在线访问级别各不相同。
解决方案
为了应对这些挑战,博物馆转向了 Check Point Infinity 架构。其中包括 Check Point CloudGuard SaaS、Check Point CloudGuard IaaS、Check Point SandBlast 网络和 Check Point R80 安全管理。该博物馆选择了 SaaS 应用程序,包括 Microsoft Office 365、Google Suite、文件共享和运营解决方案,每个应用程序都托管在各自供应商的云中,并受到 Check Point CloudGuard SaaS 的保护。这提供了零日威胁、身份和数据保护,同时防止员工帐户泄露。该博物馆还利用 Check Point CloudGuard IaaS 来保护已迁移到公共云的应用程序。 Check Point CloudGuard IaaS 将与 Check Point 防火墙相同的保护扩展到这些公共云环境中的博物馆应用程序。 Check Point SandBlast 使用威胁仿真技术提供针对已知威胁和零日攻击的多层保护,以及身份感知、内容感知、防病毒、反机器人、入侵防御、应用程序控制和 URL 过滤功能。
运营影响
数量效益
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Data Capture for Afghanistan Forces
Electronic equipments on the field of Afghanistan provided information on the status of the vehicle and to identify potential threats surrounding it to the British Force. The monitoring and interpretation of this data requires robust and sophisticated digitization for data capture and communication.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
.png)
Case Study
Discrete Manufacturing Industries (Fiberglass Pipe)
The implementation of ERP software in a Discrete Manufacturing organization needs to be strategic, irrespective of its size and capacity. The client had already implemented an ERP system which fulfilled their requirements but was not efficient enough. Efficiency here meant Synchronized Planning, Updating and Multisite Planning. Planning at client’s place was done outside the ERP system. Lack of proper synchronization to the ERP system paved way to huge delays in the changes getting updated in the system. These delays caused disruption in achieving delivery schedules. Multisite Planning is a solution to an organization which has multiple production units (may or may not be geographically separated) and thus needs planning across these units to synchronize production activities within them. The client also has multiple factories and hence Production Planning control is very essential in their case. Since Multisite planning was not possible with Baan ERP system, this was another bottleneck for the client.
Case Study
Major Aerospace Company Automates Asset Management
The O&M division of an aerospace and global security company was using spreadsheets to manually track more than 3,000 assets assigned to students and staff. Maintaining audit trails for this high volume of equipment became increasingly time-consuming and challenging. The chore involved knowing precisely what equipment was on hand, what had been issued, its location and the name of the custodial owner of each item. Every aspect of this task was carried owner of each item. Every aspect of this task was carried out by individuals with spreadsheets. Manually documenting the full lifecycle of each asset added to the burden. This included tracking maintenance requirements and records, incidents and damages, repairs, calibrations, depreciation, and end-of-life data.
Case Study
Securing a Large Data Center in the EMEA Region: An IoT Case Study
A leading data-center operator in the EMEA region, with multiple facilities spanning over 25,000 square meters, faced significant security challenges. The operator experienced interruptions in their internal IT network due to unsupervised work of third-party technicians. Despite having a high-end building control system that provided 24x7 monitoring and control to all the building’s infrastructure, the data center was vulnerable from a cyber perspective as it was connected to the IT network infrastructure. The operator launched an urgent OT cyber security project that included both IT-OT network segmentation and OT network asset mapping and anomaly detection. The main objectives were to harden the security of the server systems, secure the facility’s power supply and server cooling system, strengthen the segmentation between building and operational systems, create a visual OT network map, and set up a system for presenting supply-chain attacks that may threaten the data center through equipment vendors’ maintenance activities.
Case Study
Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
