A global financial organization with $100 billion in assets and more than 10,000 employees worldwide requested assistance detecting attacks in its remote offices. The company needed a solution that integrated with their existing processes.
Delivering superior security, strengthening existing defenses
The Challenge
The firm’s large internal security organization runs a Cyber Fusion Center (CFC) with dedicated teams focused on threat intelligence, detection, and incident response. Even with that mature capability, the company realized they needed help protecting their remote sites.
The Approach
Booz Allen partnered with the organization’s security team to deploy our Managed Threat Services (MTS), delivered on top of Booz Allen’s proprietary network visibility technology, at strategic points in the organization’s network.
Increased visibility, enhanced security
Booz Allen delivers MTS on top of patented technology that provides deep insight into attacks and security vulnerabilities. We deployed network sensors to critical points to see every packet that traveled across the firm’s network. After sifting the packets through Booz Allen’s blended dynamic detection engines, our MTS recreated and analyzed all files.
Our file-carving capabilities can unpack embedded files (zip, embedded macros, etc.) and submit them into our detection engines. Booz Allen analysts operate 24x7 to back up this detection capability.
The Solution
Booz Allen delivered greater situational awareness by integrating with internal CFC processes and delivering the comprehensive protection the firm needed. Access to Booz Allen’s highly skilled talent intensified the internal CFC’s output.
The organization had used a large managed security service provider (MSSP) provider for years. They even had a dedicated internal team assigned the task of verifying the large volume of alerts the MSSP generated. Verified alerts were passed on to a second internal team focused on remediation. Eventually leadership decided that Booz Allen’s validated threats were of such high quality that the internal validation team could be redeployed to focus on other high-value activities.
During deployment, Booz Allen’s MTS not only covered remote site risk, but also discovered an oversubscribed port on their network aggregator that had been reducing visibility to their entire security tool suite by 20 percent for over a year.
We Catch What Others Miss
As part of the Booz Allen MTS, we installed network sensors to offer full packet capture at critical network areas. One sensor was installed behind a network aggregator alongside devices from several well-known competitor security firms. The competitor devices had been in place for over a year when the Booz Allen sensor was installed; all the devices began receiving the same data.
During the sensor implementation validation, analysts discovered that 20 percent of all packets were being dropped at the aggregator. None of the competitors even realized their security devices had been missing such a large portion of data for months on end.
The Future
By delivering superior visibility through access to world-class talent and technology, Booz Allen’s MTS is ready to drive results for your enterprise now and fortify your capabilities for the ever-evolving challenges ahead.
