Fortune 1000 media company protects against Zero-Day and Targeted attacks
Background: Fortune 1000 media company:
• $4 billion multinational media company
• One of the five largest media companies in the world
• 4,500 employees in more than 50 countries
• More than one million copyrights worldwide
Challenges: Prior to deploying CounterStorm-1, this Fortune 1000 media company had a comprehensive network security approach that included firewalls, anti-virus, anti-spam and patch management, but the company still felt vulnerable to attacks that originated on the network interior. One of their primary concerns centered on zero-day and targeted attacks which could spread through the network before a signature or a patch was generated to halt them.

There were several key requirements in evaluating solutions.

• High value data protection
The media company's network contains highly valuable and proprietary data. If the company were ever to experience a security breach, this important information could be damaged or stolen. A key requirement was to safeguard network data from both internal and external threats.

• Diverse population support
As part of its core business initiatives, the company is required to support a widespread and diverse audience. A variety of user communities access its network every day from both internal and remote locations. These users also interact with protected and unprotected clients, and they access the network using both company-owned and personal devices. Such diverse network activity poses a significant security risk. A user might unintentionally introduce an attack into the network by connecting from an unsecured, infected device, for example, or by interacting with an unprotected client network. Nevertheless, the company needs to provide full service to its diverse user base and maintain security across the network.

• Accurate protection against internal network threats
The company deployed a variety of security solutions that adequately protected the network perimeter, but these solutions did not protect the internal network against zero-day and targeted attacks. Due to the company’s high visibility, large amount of proprietary data, and its diverse user community, it required a fast, accurate, and calculated solution to protect its network interior.

• Prevention of larger outbreaks
It is essential for any security device to quickly detect and eliminate internal threats before they infiltrate and infect larger areas of the network. With a large, distributed network that reaches across the globe, a security solution was needed that offered scalability and a flexible response policy in order to more effectively prevent attacks from spreading.

• Network visibility
The Fortune 1000 company needed a security device that could provide comprehensive incident and response information, including real-time and historical attack data as well as detailed tracking capabilities. The security team required information from the time the breaches first occurred until they were finally resolved. Other required information included the attack origin and magnitude of each attack, which network resources, if any, were impacted, and what corrective actions had been taken.
"In 2005, we had at least four or five experiences when we caught malware long before signatures were out. We don't rely on the antivirus vendors to protect us against zero-day and targeted attacks, we rely on CounterStorm."
Director IT Security/Risk Management
Solution provided by CounterStorm: Traditional security solutions such as anti-virus, firewalls and patch management are all important components of a layered security approach; however they were not designed to address today’s and tomorrow’s sophisticated attacks such as targeted attacks, zero-day wormstorms and botnets.

CounterStorm-1™ is a network based security appliance that offers a crucial layer of protection by providing surgically precise and unprecedented internal network security by using a combination of custom built, best-of-breed engines including behavioral attack recognition, anomaly detection and a dynamic honeypot. The outputs from each of these engines are fed into a proprietary correlation engine which synthesizes the data to detect malicious activity. When an attack is detected, CounterStorm-1 provides extreme visibility into the event and offers flexible containment options to avoid attack propagation, confidential data being compromised and negative impact on mission critical operations.

CounterStorm-1 deploys out-of-band which eliminates traditional redundancy and scalability issues. It does not rely on signatures nor does it require agents to be loaded. Easy to install, deploy and manage, CounterStorm-1 tightly integrates with the existing network security infrastructure for an increased level of protection.

The Solution
The Fortune 1000 company deployed CounterStorm-1 at several locations within its network in order to address each of these key requirements. They specifically looked to CounterStorm to protect mission critical services and critical information assets against internal security breaches, including both zero-day and targeted attacks.

Deployment
Today, CounterStorm protects this Fortune 1000 company at key locations in its network. The device has successfully identified and halted several targeted and zero-day attacks on the network.

Differentiators

• Real-time detection of internal network threats
"In 2005, we had at least four or five experiences when we caught malware long before signatures were out. We don't rely on the antivirus vendors to protect us against zero-day and targeted attacks, we rely on CounterStorm."

• Immediate ability to stop/quarantine attacks
“We experienced a targeted attack and were able to stop it despite the fact that we had no signatures. We confirmed that the captured information was malicious, provided this information to our antivirus vendor, and they developed a signature within forty-eight hours.”
“In the early days, we would have spent days before we would even realize that we were under attack. Since deploying CounterStorm-1, we have experienced numerous zero-day attacks where we were ahead of the curve. We do not have to rely on waiting for signatures and being vulnerable until they are available.”

• User-friendly installation and deployment
CounterStorm-1 is easy to install, deploy and manage. The product can be deployed “out of band,” which means that you won’t have to reconfigure or shut down your network. Additionally, there are no concerns about redundancy or latency issues as would be the case with an inline device. CounterStorm-1 is implemented through a central, secure, and easy-to-use graphical user interface (GUI), and its deployment can be managed centrally from any authorized workstation. It may also be used in conjunction with any network or security management systems that are already installed.
Summary: By deploying CounterStorm-1, the company has added an important layer of security to their best-of-breed network defense. The company has also achieved:

• Exceptional accuracy in identifying genuine network threats and attacks.
"When we receive an alert, the incident response team takes it as golden. [CounterStorm-1's] accuracy is such that we are not questioned by the team."

• Immediate visibility and termination of zero-day and targeted attacks.
“We were able to get extreme visibility into what was happening in the network and got way ahead of the curve. We no longer wake up to find hundreds of machines infected.”

• The ability to quarantine infected devices in real-time in order to quickly stop attack propagation and prevent them from spreading to mission critical services.
CounterStorm 15 W. 26th Street, 7th Floor New York, NY 10010 USA Tel: 1-212-206-1900
Download the complete case study From Info Security Products Guide site: CLICK HERE
Copyright © 2006 Silicon Valley Communications - All rights reserved.