Case study: Mine
Challenges
- Limited visibility of network traffic
- Complex threat landscape
- Too many reactive measures
- Legacy IT systems
- Compliance with the GDPR and the NIS directive
Results
- Full real-time network visibility
- Early detection of known and unknown cyber threats
- Automatic response based on artificial intelligence
- A modern probe that seamlessly integrates with existing solutions
- Data leak detection module
Challenges
As a critical infrastructure enterprise, the client needed several kinds of security, covering both client data protection and the security of an IT/OT environment composed of many older legacy subsystems, often focused on reactive countermeasures.
The most common challenges facing CISOs and their teams are the lack of full network visibility and problems related to incident response time and the prioritization of cyber-attacks and activities. The cybersecurity team must have the technical means to analyze and understand the atypical behavior of network users, including those within the organization.
In addition, due to the significant amount of personal data processed, critical infrastructure enterprises as well as cultural institutions are obliged under the GDPR to protect sensitive personal data. To meet this challenge, organizations are looking for solutions that not only monitor the flow of sensitive data but also help provide the required information and support Data Protection Officers in creating reports.
Solution
After a 30-day testing period, Cryptomage implemented a Network Detection and Response (NDR) class probe, Cryptomage Cyber Eye™, which offers dynamic, low-level traffic analysis that detects various types of cyber-attacks, including ones without signatures. Proprietary, self-learning algorithms based on artificial intelligence and machine learning help detect and respond to unknown threats at an early stage, which allows the security team to be proactive rather than reactive to threats.
The implementation of Cryptomage Cyber Eye™ also allowed for more effective real-time network traffic monitoring and threat detection, no matter how long the threats had been on the network. Built-in analytical tools can configure their event triggers. In addition, the probe can assess the risk of each event, effectively manage threats, and monitor the security of permitted network traffic. At the same time, the Cryptomage Cyber Eye™ probe integrates seamlessly with existing legacy solutions.
Employees often use unauthorized devices, websites, and services that may be infected with malware. Installing Cryptomage Cyber Eye™ increases network visibility. It enables easy detection of potentially dangerous traffic and of devices connected to the network without permission, thus increasing the cybersecurity team's potential and giving it another effective tool.
To ensure the client's compliance with the GDPR, the Cryptomage team created (at the client's request) a module to detect leaks of personal data, which flows in vast amounts daily during the regular operation of both the mine and the museum. The module detects any unusual behaviors and applications on the server that are potential sources of transmission of sensitive data.
Results
By deploying the NDR (Network Detection and Response) Cryptomage Cyber Eye™ probe, the cybersecurity team gains better real-time network visibility and an additional layer of security, critical to risk mitigation, faster response, and more detailed investigation of threats and attacks on infrastructure companies. Expanded network visibility provides a better understanding of the actions taken by users and devices. With Cryptomage Cyber Eye™, cybersecurity and compliance teams get a reliable solution and an experienced team of analysts available on demand.
Another benefit of implementing Cryptomage Cyber Eye™ is the advanced GDPR compliance module: the data leakage monitoring module is equipped with an easy-to-use report generator for Data Protection Officers.
Also, a clear and simple user interface helps the cybersecurity team manage technology more effectively and efficiently, with a graphical overview of network activity, and investigate security incidents with the embedded forensic tool.