利用物联网保护交易环境:美国主要金融服务提供商的案例研究
技术
- 应用基础设施与中间件 - 数据库管理和存储
- 基础设施即服务 (IaaS) - 云数据库
适用行业
- 国家安全与国防
适用功能
- 质量保证
用例
- 网络安全
- 交通监控
服务
- 云规划/设计/实施服务
- 网络安全服务
关于客户
该客户是一家美国主要金融服务提供商,隶属于一家全球财富 500 强公司。过去半个世纪以来,该公司一直致力于满足客户的投资需求。该金融服务公司为机构和私人客户管理着 1,740 亿美元的固定收益和平衡资产。该资产管理公司依靠 Imperva 解决方案来保护其网站、IT 基础设施和客户数据(无论是在云端还是在本地),从而保护其交易流程。
挑战
该客户是一家美国主要金融服务提供商,隶属于一家全球财富 500 强公司,在确保其交易环境安全方面面临着多项挑战。该公司需要清晰地了解其数据库流量,以监控活动并识别风险。在在线交易环境中保护客户数据和交易的安全至关重要。该公司还需要确保积极支持在线交易流程的数据库和服务的高性能和可用性。该公司还希望实现 GLBA、HIPAA、HiTECH、FISMA、SCC、SOX、ISO 27001 和 NIST 网络安全框架等监管标准的自动化合规和报告功能。保护敏感的客户和交易信息免遭内部滥用是另一项挑战。该公司还需要控制对云应用程序和机密客户信息的访问,包括丰富的策略实施和 IP 地址白名单。最后,该公司需要防止 DDoS/DNS 攻击损害客户网站。
解决方案
该公司采用了多种 Imperva 解决方案来应对挑战。 Imperva SecureSphere 数据审计和保护用于提供对数据库流量的清晰可见性并保护客户数据和交易。用于 SaaS 应用程序的 Imperva Skyfence 云访问安全代理用于控制对云应用程序和机密客户信息的访问。 Imperva Incapsula 用于防御 DDoS / DNS 攻击。 SecureSphere 解决方案通过以非内联模式嗅探数据库流量来降低主动交易的风险,而无需服务器上的代理。该解决方案提供了数据流的清晰视图,使公司能够监控活动并识别风险。 Skyfence 云访问安全代理提供对云应用程序的可见性和控制以及对交易数据的访问。 Incapsula 解决方案可保护公司网站免受 DDoS/DNS 攻击。
运营影响
数量效益
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Data Capture for Afghanistan Forces
Electronic equipments on the field of Afghanistan provided information on the status of the vehicle and to identify potential threats surrounding it to the British Force. The monitoring and interpretation of this data requires robust and sophisticated digitization for data capture and communication.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
Case Study
Major Aerospace Company Automates Asset Management
The O&M division of an aerospace and global security company was using spreadsheets to manually track more than 3,000 assets assigned to students and staff. Maintaining audit trails for this high volume of equipment became increasingly time-consuming and challenging. The chore involved knowing precisely what equipment was on hand, what had been issued, its location and the name of the custodial owner of each item. Every aspect of this task was carried owner of each item. Every aspect of this task was carried out by individuals with spreadsheets. Manually documenting the full lifecycle of each asset added to the burden. This included tracking maintenance requirements and records, incidents and damages, repairs, calibrations, depreciation, and end-of-life data.
Case Study
Securing a Large Data Center in the EMEA Region: An IoT Case Study
A leading data-center operator in the EMEA region, with multiple facilities spanning over 25,000 square meters, faced significant security challenges. The operator experienced interruptions in their internal IT network due to unsupervised work of third-party technicians. Despite having a high-end building control system that provided 24x7 monitoring and control to all the building’s infrastructure, the data center was vulnerable from a cyber perspective as it was connected to the IT network infrastructure. The operator launched an urgent OT cyber security project that included both IT-OT network segmentation and OT network asset mapping and anomaly detection. The main objectives were to harden the security of the server systems, secure the facility’s power supply and server cooling system, strengthen the segmentation between building and operational systems, create a visual OT network map, and set up a system for presenting supply-chain attacks that may threaten the data center through equipment vendors’ maintenance activities.
Case Study
Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
Case Study
Enhancing Security Precision with IoT: A Case Study of Guardsman Group
Guardsman Group, a leading security company in the Caribbean, faced a significant challenge in maintaining the security of its digital infrastructure. The company provides security equipment, personnel, and systems for various businesses across the region. However, one of its offices experienced a security incident that affected all communications at that location. The existing security tools were not sufficient to provide the necessary protection, and it took hours to identify the source of the issue. This incident highlighted the need for a dynamic solution that could proactively identify threats. The company's primary concern was any disruption to its business, as it manages a significant portion of Jamaica's money and cannot afford for its operations to go down.
