MAJOR FINANCIAL SERVICES COMPANY CHOOSES ECS DECEPTION FOR VISIBILITY AND FORENSICS
OVERVIEW
The CISO required better visibility into their large and diverse international network that spanned corporate and remote offices. Like many large enterprises, even with a mature and well-implemented security posture, they faced the challenge of fully understanding what threats were within their environment and how likely they were to cause harm. After researching numerous detection security controls, they recognized deception technology as a solution to a range of challenges. Additionally, they saw value in the platform’s ability to gather adversary intelligence including TTPs, IOCs, and threat intelligence that provided insight into the attacker’s entry point, methods, and motivation.
CHALLENGE
With a diverse infrastructure and assets spread across 1000s of branches in India and overseas, carrying a broad range of regulatory and legal requirements, gaining adequate visibility into remote locations and providing consistent data security compliance was especially challenging. The specific restrictions in some regions posed additional challenges requiring unique solutions. The organization needed a solution that would be easy to deploy and manage, even in remote locations, and would not unduly increase their information security team’s workload.
SOLUTION
The organization selected the ECS Deception Platform to deploy decoys, to project decoys into remote locations, and to place deception credentials and other assets on the endpoints. The organization used staged rollouts to test detection strategies and the application of deception techniques. Though a pan-India and global deployment is a massive undertaking, the customer was pleasantly surprised at how simple the deployment process was with the use of machine learning. This automation feature made it incredibly easy to prepare, deploy, and update deceptions while maintaining environmental authenticity and attractiveness for an attacker.
ROI
The CISO had researched a range of potential technologies and vendors before selecting ECS Deception Technology as the most effective and efficient way to get the visibility and early detection they needed in their complex international environment. The scalability and ease of deployment, use, and maintenance made the ECS platform an excellent fit for this organization’s environment. Additionally, the reliable, accurate, and actionable alerts and forensic capabilities improved the information security team’s efficiency and required no additional operational resources.
OUTCOME
The organization added deception technology in order to proactively achieve visibility, especially in remote locations, and provide improved reporting and forensics capability across their widely varied sites. The organization’s experience demonstrates that the ECS platform is easy to deploy and maintain at scale. Additionally, the solution provides insight into activity at the network and endpoint with high-fidelity, accurate alerts. ECS Deception technology has given them “eyes inside the network” visibility they were not getting from any other solutions. The ability to gather adversary threat intelligence was also powerful in fortifying their defenses.