Tasks
- Identifying vulnerabilities,
- Advanced threat analysis,
- Cyber defense update,
- Existing software gain,
- Investigation in real-time,
- Compatibility with existing software.
Results
- Detection of large-scale data “leak”.
- Incident loss reduction.
- Protection against advanced threats.
- VLan company networks are protected.
- Full system scan.
- Monitoring in real-time.
- Zero-day vulnerability detection.
- Previous software compatibility.
Description
About us
TrapX was addressed by a leading provider of healthcare software. The company provides its software to clients through cloud services. The IT security team of the customer has invested heavily in software for trustworthy cyber security. The customer had a powerful industrial suite of cyber security products that included firewalls, antivirus packages, intrusion detection software, endpoint security. But at the same time, their security center regularly detected malware and corrected all recorded incidents.
Challenge
One of the main tasks was to strengthen the perimeter of protection, search for malware and zero-day vulnerabilities that the existing security system could not detect. Also, DeceptionGrid, being an additional protective solution, should be combined without problems with the already unfolded cyber security system and not burden the work of an already complex system.
TrapX's DeceptionGrid helps to see cyber threats where other security systems have “blind spots”. The program helps you to easily control all your company's IT assets and to respond to any security incident immediately.
Integration
The initial installation of DeceptionGrid included more than ten enterprise vLAN networks. Almost immediately after commissioning, information technology staff received many high-priority alerts. The alerts included suspicious activity and led to the discovery of incorrect network settings: some of the internal Internet addresses were open to the external Internet and various high-risk protocols. Incoming connections from attackers worked via SSH, Telnet and Remote Desktop. Some of the malicious programs were automatically captured and entered into the DeceptionGrid sandbox for further analysis. This analysis revealed the presence of malicious command and control points that circumvented the entire array of existing security.
Result
DeceptionGrid tracked and recorded the movement of malware. Several command and control points at six workstations were associated with attackers in Beijing, China, Moldova and several localities on the territory of Ukraine. Dozens of workstations had to be reconfigured to prevent access to them. It took a manual memory dump and analysis of many IT assets before it was possible to identify the full scope of extensive and previously undetected hacker activity.