CASE STUDY Fortune® 500 Financial Services Company ...


Fortune® 500 Financial Services Company Eliminates Blind Spots in Network Visibility & Improves Security with Bricata

CASE STUDY

“We Don’t Want Another Alert Cannon”

THE CHALLENGE

Empower CIRT with technologies that increase visibility, improve detection & enable response.

Aligned to CIRT’s core initiatives

Multiple detection techniques

Complete network insight

Simplified user experience

BRICATA.COM | INFO@BRICATA.COM

Why Bricata


CUSTOMER RESULTS

Significantly improved visibility

Enables proactive threat hunting

Access to network truth PCAPs

Reduced time to incident response

Leverages trusted data center infrastructure

Cloud-enabled

“Bricata completely eliminated our ‘swivel chair analyst syndrome’ and aligned perfectly with our goal of visualizing and responding to an incident. Every layer of our security operations team leverages the tool and its valuable data as part of their daily workflow.”

“Bricata was unique in two ways: it has a software-based approach with each component of their solution able to run on standard server technology our data center teams know and trust; and they price based on aggregate bandwidth actually monitored and not by sensor capacity. This allowed us to grow from 25 sensors in the grid to over 40 monitoring points across the business and only pay for what was analyzed. We gained access and visibility we’ve never had before, and the project is forecast to come in lower than our annual maintenance fees for the previous solution.”

“Bricata’s cloud solution will enable us to protect our growing AWS cloud/hybrid infrastructure.”

“As a part of our evaluation, we looked at a variety of tools in the Network Detection and Response (NDR) space. We quickly realized that many founded themselves on detection, with most claiming some new breakthrough in machine learning or AI; and that they were ‘black boxes’ backed by a vendor request to ‘trust us.’ Our analysts are purposely trained to expand the aperture when investigating. With Bricata, we found a good balance between detection and visibility, especially their ability to support threat hunting, even without a triggering alert. Being able to pivot to network history and quickly visualize specific flows or devices was also key.”

Customer Experience


THE CHALLENGE

CIRT Lacks Visibility to Do its Job

For this large financial services company, their Network Intrusion Detection System (NIDS) was deployed long ago when everything was different—the threats they faced, their focus, the tools they used, and the size and skill of their cyber-team. Threat hunting, telemetry granularity, and network blind spots were not concerns when the NIDS was originally deployed, but they are now, and big ones.

Today, their posture has dramatically changed, not just in technology, but also human capital, with over 40 analysts on their Cybersecurity Incident Response Team.

INDUSTRY LANDSCAPE

According to Ponemon Institute’s “Ninth Annual Cost of Cybercrime Study,” the financial services sector continues to experience the highest cost of cybercrime. [1] Banking alone saw an 11 percent increase in cost year-over-year. Forbes reports that the financial services industry accounts for 35% of all breaches, making it the most breached sector. [2]

Yet surprisingly, many of even the largest financials select security tools according to an audit check-box, or based on hyped vendor promises of a new form of threat detection, forcing SOC and IR analysts to waste time responding to “alert cannons” full of false-positives and lacking context.

[1] Ninth Annual Cost of Cybercrime Study, Unlocking the Value of Improved Cybersecurity Protection, Accenture. https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf#zoom=50

[2] What Financial Services Executives Need To Know About Data Security, Forbes. https://www.forbes.com/sites/insights-klgates/2019/01/15/what-financial-services-executives-need-to-know-about-data-security/#242a613e1e43


ABOUT

Bricata is leading the next generation of advanced network detection and response for the enterprise. By fusing real-time visibility, advanced detection, analysis, forensics, incident response and threat hunting into a single platform, Bricata provides organizations with end-to-end visibility and context for direct answers and powerful insight to take immediate action.

Copyright 2020 Bricata, Inc.

BRICATA.COM | INFO@BRICATA.COM | 888.468.0610

Bricata’s Network Detection & Response Platform

+ Network traffic is ground truth

This large financial chose Bricata for its combination of rich and comprehensive network visibility, multiple detection techniques (network signatures, behavior patterns and advanced malware detection), and out-of-the-box threat hunting environment, all operated via a unified, intuitive, and productive interface.

+ No alert required

Similar to many organizations, this financial’s CIRT heavily relies on the ability to comprehensively investigate threats prompted by an alert or to proactively hunt them down based on experience and a hunch. Alert-based investigations often pivot into threat hunting once a suspect device or transaction has been identified.

+ Eliminate blind spots

Substantial enterprise growth—driven by acquisitions and creations of new lines of business—required rapid augmentations to their infrastructure, which resulted in undesirable and risky network blind spots. Traditional “network iron” (appliance) based deployments drove up costs and significantly restricted access to network data, as tapping/mirroring ports were not available or became cost prohibitive to implement.

+ Future-proofing new investments

Not surprisingly, the customer has an emerging cloud strategy, as the risk vs. reward gap for public cloud adoption continues to narrow.

THE SOLUTION


REQUEST BRICATA.LABS ACCOUNT

Get free access to a cloud lab environment and tour the Bricata dashboard platform at: https://bricata.com/take-a-tour/