Tasks
- Perimeter protection gain,
- Protection against advanced threats,
- Protection of confidential information,
- Monitoring in real-time,
- Safety compliance.
Results
- Malware detection.
- Vulnerability detection.
- Anti-hacking tool.
- Advanced threat analysis.
- Additional compatible protection.
- Loss reduction.
Description
About us
The customer of the solution from TrapX was a large US national government enterprise. It contains hundreds of employees, and has offices throughout the country.
Challenge
The enterprise was interested in learning more about security trap technology as part of its regular assessment of cybersecurity suppliers, and possibly update and strengthen its cybersecurity perimeter.
DeceptionGrid provides proactive protection by providing you with accurate and up-to-date network status information and tools to build a more efficient perimeter protection.
Integration
From the beginning of the span of DeceptionGrid and further, within a few weeks, the organization’s security team (SOC) received several high-priority alerts — these were hacking attempts. It was one of the most massive attacks that experts from TrapX have ever detected. A number of attackers were identified in several areas, including:
- more than five using malware servers;
- more than five, connecting data stream with C&C botnet servers;
- more than fifty remote attackers using an anonymous TOR proxy server to hide source IP addresses.
In some cases, malware was automatically captured and placed in "a sandbox" for further analysis. Some of the intruders installed management and control, bypassing the full range of existing intrusion detection tools, firewall, endpoint protection and cyber software perimeter.
Result
The detected malware included Cryptowall, P2P Malware, Trojan-Banker, Trojan-Ransome, Mobogenie.B and WS.Reputation.1. It became obvious that several hackers had successfully penetrated the data of the government agency. Attack vectors differed significantly and endangered workstations and servers in different departments. The required fix was performed on a large scale and included re-training of workstations and servers.