TrapX DeceptionGrid Platform for Law Enforcement
Categories
Description
Attackers Target Law Enforcement Data
Project Background - a Technology Evaluation
Our case study focuses on a prominent law enforcement agency. This agency has responsibility for many activities which may include highly sensitive investigations into organized crime and terrorist activity. This agency is always interested in improving their cyber defenses and has a large budget dedicated to technology acquisition. Priorities for this agency include the protection of the confidentiality of their ongoing operations, internal processes and their personnel.
This agency conducted a survey of technology vendors and wanted to learn more about deception technology. They were familiar with legacy honeypot technology and found it to be far to expensive to implement both in terms of resources and financial cost. This agency was very cautious and had partitioned several networks within the enterprise. Some were to be used for highly confidential (classified) data only - others for data of lesser confidentiality.
Advanced Persistent Threat Leverages Lapse in Protocol
DeceptionGrid was placed into operation. Within one week the customer security operations (SOC) team received a High Priority Alert indicating the lateral movement of an advanced threat. The malware was automatically trapped and injected into the sandbox for continued analysis. The attackers had established sophisticated command and control and had bypassed the complete array of existing intrusion detection, firewall, endpoint and perimeter cyber software defense.
A full investigation continued as DeceptionGrid continued to monitor and capture malware movement. The agency's security operations team determined that there was an internal breach in their protocol. A connection, in breach of the agency's operting procedures, was found between their secure network and one of the less secure networks (lower security rating). This breach in protocol enabled the attacker's access .
Exfiltration of Data Discovered and Halted
The attacker was found to have moved without detection throughout the law enforcement agency network and servers. There were over ten explicit lateral movements made prior to detection by DeceptionGrid. The attacker found and exfiltrated data including the confidential records of agency personnel, their I.D information, their photographs and other highly confidential data. DeceptionGrid enabled the agency to disrupt the attack and then confidently restore normal security protocols.
Details
Business tasks
Ensure Security and Business Continuity
Problems
Risk of attacks by hackers
Risk of data loss or damage
Risk of lost access to data and IT systems
