
Case Study: A Global Software and Services Provider



Company: A Global Software and Services Provider

Description: A market leader in software and services for companies in the communications, media and entertainment industry, with a workforce of over 20,000 and annual revenue exceeding $3 billion

Location: A global organization

OVERVIEW

The company’s security operations are state of the art. As a large provider of software and services with offices and employees all over the globe, the company requires security solutions that are flexible and scalable as well as effective. Two years ago, it realized that its solution for Advanced Persistent Threats (APTs) and other advanced malware did not fully cover remote employees. It was also receiving many false positives from its SIEM system and needed a more accurate and proactive source of threat information. The company turned to Seculert’s cloud-based Advanced Threat Protection Solution because it could be easily configured to discover malware across all of its remote users worldwide without installing any software or hardware.

CASE STUDY

“Seculert is a key part of our strategy for defending against advanced malware and APTs. It enables us to protect remote users and has detected malware inside the network that other solutions have missed. Thus, when we have Seculert alerts they have to be handled immediately.”

The company’s manager of SIEM, SOC, mobile, and threat management


THE SOLUTION

The company decided to use Seculert’s Botnet Interception technology to detect malware infections on remote users’ machines. It took only minutes to define the company’s domains in the Seculert online dashboard. “Immediately, Seculert started alerting us to malware infections that we were completely unaware of,” said the company’s manager of SIEM, SOC, mobile, and threat management. “Since it is a cloud-based solution, it requires no installation or maintenance, but the value it provided for protecting our remote users was immediately clear.”

SIEM is central to the company’s security strategy. Fitting into this strategy, Seculert feeds information from Proactive Botnet Interception directly into the company’s SIEM system. The company also began using Seculert’s Elastic Sandbox to analyze suspicious samples detected by its endpoint security systems and feeding the analysis into the SIEM to improve event correlation. Additionally, to move the emphasis from detection to protection, the company decided to use the Seculert API to update its firewalls directly so that they block known C&C (command-and-control) crime servers.

Lastly, the company began using Seculert’s Traffic Log Analysis technology to mine historical log data in depth and improve malware detection inside the network. Starting with a site in Russia where malware was suspected, Seculert’s log analysis detected a series of suspicious communications from that site. Following that finding, the company rolled out Seculert Traffic Log Analysis across Europe and then worldwide.

The company is committed to fully automated processes to ensure the fastest possible response to security incidents. Incidents reported by the Seculert solution are immediately channeled to its ArcSight system, where tickets are opened and management is alerted via the security dashboards.
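The integration pipeline described above (an indicator feed turned into firewall block rules, historical traffic logs mined for contacts with known C&C servers, and each hit forwarded to a SIEM such as ArcSight) as an added example; this is not Seculert’s or the company’s code, and the page does not document the real API or products. The feed schema (`type`/`value`/`family`), the space-separated proxy log format, the Linux ipset/iptables firewall, and the `ExampleCorp` CEF vendor string are all assumptions, and the sample feed and log lines are constructed.

```python
"""Added example (not Seculert's code): C&C indicator feed -> firewall block
rules, historical proxy-log scan, and CEF events for a SIEM such as ArcSight.
Feed schema, log format and firewall (ipset/iptables) are assumptions."""
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample feed (field names are assumed, not a vendor schema).
# The public IPs are RFC 5737 documentation addresses.
SAMPLE_FEED = json.dumps({"indicators": [
    {"type": "ip", "value": "203.0.113.45", "family": "Zeus"},
    {"type": "ip", "value": "198.51.100.7", "family": "Citadel"},
    {"type": "ip", "value": "10.0.0.5", "family": "Zeus"},       # internal: never block
    {"type": "ip", "value": "203.0.113.45", "family": "Zeus"},   # duplicate
    {"type": "ip", "value": "not-an-ip", "family": "junk"},      # malformed
    {"type": "domain", "value": "Update.Example.NET", "family": "Zeus"},
]})

# Constructed proxy log lines: timestamp client destination bytes action
SAMPLE_LOGS = """\
2014-03-01T08:00:01Z 192.168.4.17 203.0.113.45:443 1532 TCP_TUNNEL
2014-03-01T08:00:02Z 192.168.4.18 93.184.216.34:80 812 TCP_MISS
2014-03-01T08:05:10Z 192.168.7.2 update.example.net:80 420 TCP_MISS
2014-03-01T08:06:00Z 192.168.4.17 203.0.113.45:443 1601 TCP_TUNNEL
"""

# Ranges a feed must never cause us to block: pushing one of these to the
# perimeter would cut off our own users rather than a C&C server.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def parse_feed(raw):
    """Return ({ip: family}, {domain: family}); junk, duplicates and
    internal addresses are dropped rather than passed to the firewall."""
    ips, domains = {}, {}
    for ind in json.loads(raw)["indicators"]:
        value = ind["value"].strip().lower()
        if ind["type"] == "ip":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue
            if any(addr in net for net in NEVER_BLOCK):
                continue
            ips[str(addr)] = ind["family"]
        elif ind["type"] == "domain" and DOMAIN_RE.match(value):
            domains[value] = ind["family"]
    return ips, domains


def firewall_rules(ips, setname="cnc_block"):
    """Shell lines that load the IPs into an ipset and drop forwarded
    traffic to them; '-exist' makes the script safe to re-run."""
    lines = [f"ipset create {setname} hash:ip -exist"]
    lines += [f"ipset add {setname} {ip} -exist" for ip in sorted(ips)]
    lines.append(f"iptables -I FORWARD -m set --match-set {setname} dst -j DROP")
    return lines


def scan_logs(log_text, ips, domains):
    """Historical log mining: one hit per line whose destination is a known
    C&C IP or domain (IPv4 and hostnames only in this sample format)."""
    hits = []
    for line in log_text.splitlines():
        try:
            ts, src, dst, _bytes, _action = line.split()
        except ValueError:
            continue                      # malformed line, skip it
        host, _, port = dst.rpartition(":")
        host = (host or dst).lower()
        family = ips.get(host) or domains.get(host)
        if family:
            hits.append({"ts": ts, "src": src, "dst": host,
                         "dpt": port, "family": family})
    return hits


def _cef_ext(value):
    """CEF extension values must escape backslash, '=' and newlines."""
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", " ")


def to_cef(hit, vendor="ExampleCorp", product="cnc-log-scan"):
    """ArcSight-style CEF line: seven pipe-separated header fields, then a
    key=value extension; rt is epoch milliseconds."""
    dt = datetime.strptime(hit["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ext = " ".join(f"{k}={_cef_ext(v)}" for k, v in (
        ("src", hit["src"]), ("dst", hit["dst"]), ("dpt", hit["dpt"]),
        ("rt", int(dt.timestamp() * 1000)),
        ("cs1Label", "malwareFamily"), ("cs1", hit["family"])))
    return f"CEF:0|{vendor}|{product}|1.0|100|C&C callback observed|8|{ext}"


if __name__ == "__main__":
    ip_map, domain_map = parse_feed(SAMPLE_FEED)
    print("\n".join(firewall_rules(ip_map)))
    for hit in scan_logs(SAMPLE_LOGS, ip_map, domain_map):
        print(to_cef(hit))
```

The two checks a practitioner wants before automating "feed to firewall" are both here: internal and reserved ranges are filtered out so a bad indicator cannot black-hole the company's own network, and the rule lines are idempotent so the job can run on every feed refresh without duplicating entries.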

RESULTS

The Seculert solution was fast and easy to configure, and the Botnet Interception technology immediately detected malware on remote user endpoints that the company was unaware of. The company then started using Seculert’s Elastic Sandbox technology to analyze code samples and, through the Seculert API, immediately began passing the latest threat information to its SIEM system. Within six months it substantially reduced the number of alerts by proactively blocking newly identified threats. In addition, integration with the SIEM improved event correlation, and the number of false positives was significantly reduced. Finally, with the introduction of Seculert’s Traffic Log Analysis technology, the company was immediately able to determine that some endpoints in several of its offices were infected with malware, and it decided to roll out Seculert’s Traffic Log Analysis for all its systems worldwide.


www.seculert.com

Toll Free (US): 1-855-732-8537

Tel (US): 1-408-560-3400

Tel (UK): 44-203-355-6444

Tel (Intl): 972-3-919-3366