Customer Story
A leading global payments provider faced a critical security gap: it had no network detection and response (NDR) coverage for its core payment systems, leaving it blind to internal lateral movement and privilege escalation. The resulting lack of visibility stretched incident investigations to an average of three hours, severely delaying SOC response.

Overview
A leading global payments and financial technology provider that moves trillions of dollars and processes a large percentage of all credit card transactions confronted a critical security gap in its infrastructure. The organization had no network detection and response (NDR) solution in place for its core payment infrastructure, which left it blind to internal threats such as lateral movement and privilege escalation. This lack of visibility resulted in extremely long Level 4 incident investigations, averaging three hours, and severely delayed the Security Operations Center's (SOC) ability to respond.
The organization selected the ExtraHop modern NDR platform to secure its critical assets. The deployment delivered the following:
The organization gained NDR capability for critical payment infrastructure, securing assets vital to the national economy.
The team cut Level 4 incident investigation response time from three hours to less than 15 minutes to maximize SOC efficiency.
The platform enabled high-fidelity detection of lateral movement, privilege escalation, and unusual authentication on the network.
Dedicated ExtraHop residents ensured success and mitigated project stall risk, which accelerated deployment and delivered rapid ROI.
Challenge
As a global leader in payments and financial technology that operates infrastructure critical to the national economy, this organization demands flawless security execution against high-level threats like nation-state actors. However, the existing security architecture presented several critical challenges:
The core payment infrastructure had no effective NDR coverage. The incumbent network vendor supplied network data but not the deep security detections needed to counter high-level threats, including nation-state attacks, so the organization could not detect lateral movement, privilege escalation, or unusual authentication at the network level.
Level 4 incident investigations took approximately three hours, which delayed the SOC's ability to contain and neutralize threats. Reducing this time was a key organizational goal.
Due to heavy operational workloads on internal security and engineering teams, the organization faced a significant risk of a stalled or low-ROI NDR deployment.
Solutions
ExtraHop displaced the incumbent vendor by providing unified security coverage that met the organization's high-stakes security requirements, and the modern NDR platform enabled the SOC to work far more efficiently.
The key outcomes and advantages delivered to the organization include:
The company secured the required forensic depth and network control when it deployed ExtraHop, which analyzes 100 Gbps of east-west traffic and uses high-speed decryption to immediately find threats previously hidden within encrypted flows.
The cloud-scale machine learning built into the ExtraHop platform lifted the SOC's operational burden by providing high-fidelity, low-noise detections. Analysts could shift their focus from low-value false positives to reliable indicators of genuine post-compromise activity and endpoint detection and response (EDR) evasion tactics.
The security team gained comprehensive insight through identity-based investigation, which links malicious network activity directly to user and service accounts, enabling detection of Active Directory (AD) and lateral movement attacks that had previously gone unnoticed.
ExtraHop fundamentally simplified incident response workflows, because it established itself as the definitive source of network truth, automatically feeding high-value contextual data to the customer’s existing SIEM and EDR platforms.
The company gained efficiency and reduced complexity by consolidating NDR, network performance monitoring (NPM), and intrusion detection system (IDS) capabilities into one unified, integrated solution for network security and observability.
The company mitigated major risk through deep protocol fluency (parsing over 90 protocols), which allowed accurate decoding of traffic across the environment, including sensitive database communications, without introducing performance risk. This was critical for detecting hidden AD attacks and lateral movement.
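The identity-linked detections described above (a host fanning out to many servers, an account appearing from a host it has never used, a privileged or service account authenticating from a user workstation) can be illustrated with a small worked example. The code below is an added example, not ExtraHop's code or any part of the customer's deployment; the record layout, the sample authentication events, the per-account baseline and the workstation subnet are all constructed for this example and are assumptions rather than anything the story specifies.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, shaped like the per-flow authentication metadata an
# NDR sensor derives from Kerberos/NTLM/SMB traffic. They are not ExtraHop records;
# the field layout is an assumption made for this example.
# (timestamp, client_ip, server_ip, account, protocol, success)
EVENTS = [
    ("2024-05-01T09:00:00", "10.1.1.20", "10.1.2.5",  "alice",      "KERBEROS", True),
    ("2024-05-01T09:01:00", "10.1.1.20", "10.1.2.6",  "alice",      "SMB",      True),
    ("2024-05-01T09:01:30", "10.1.1.20", "10.1.2.7",  "alice",      "SMB",      True),
    ("2024-05-01T09:02:00", "10.1.1.20", "10.1.2.8",  "alice",      "SMB",      True),
    ("2024-05-01T09:02:30", "10.1.1.20", "10.1.2.9",  "alice",      "SMB",      True),
    ("2024-05-01T09:05:00", "10.1.1.20", "10.1.2.10", "svc_backup", "NTLM",     True),
    ("2024-05-01T09:30:00", "10.1.1.30", "10.1.2.5",  "carol",      "KERBEROS", True),
    ("2024-05-01T09:31:00", "10.1.9.9",  "10.1.2.20", "svc_backup", "KERBEROS", True),
    ("2024-05-01T09:40:00", "10.1.1.30", "10.1.2.6",  "carol",      "SMB",      False),
]

# Assumed baseline: the client hosts each account authenticated from during a prior
# learning period. A real platform learns this; it is hand-written here.
BASELINE = {"alice": {"10.1.1.20"}, "carol": {"10.1.1.30"}, "svc_backup": {"10.1.9.9"}}
PRIVILEGED_ACCOUNTS = {"svc_backup", "adm_bob"}   # assumed admin/service accounts
WORKSTATION_PREFIX = "10.1.1."                    # assumed user-workstation subnet


def parse(rec):
    ts, client, server, account, proto, ok = rec
    return {"ts": datetime.fromisoformat(ts), "client": client, "server": server,
            "account": account, "proto": proto, "ok": ok}


def detect_lateral_movement(events, window=timedelta(minutes=10), min_targets=5):
    """Flag a client that successfully authenticates to >= min_targets distinct
    servers inside a sliding window; report every account it used while doing so."""
    by_client = defaultdict(list)
    for e in events:
        if e["ok"]:                      # failed logons are handled elsewhere
            by_client[e["client"]].append(e)
    findings = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        best = None                      # window with the most distinct targets
        for i, cur in enumerate(evs):
            recent = [e for e in evs[: i + 1] if cur["ts"] - e["ts"] <= window]
            targets = {e["server"] for e in recent}
            if len(targets) >= min_targets and (best is None or len(targets) > len(best[0])):
                best = (targets, recent)
        if best:
            targets, recent = best
            findings.append({"type": "lateral_movement", "client": client,
                             "accounts": sorted({e["account"] for e in recent}),
                             "detail": f"{len(targets)} servers in {window}"})
    return findings


def detect_unusual_auth(events, baseline):
    """Flag an account authenticating from a host absent from its baseline."""
    seen, findings = set(), []
    for e in events:
        key = (e["account"], e["client"])
        if key in seen or e["client"] in baseline.get(e["account"], set()):
            continue
        seen.add(key)
        findings.append({"type": "unusual_auth", "client": e["client"],
                         "accounts": [e["account"]],
                         "detail": f"{e['account']} never seen from {e['client']} ({e['proto']})"})
    return findings


def detect_privileged_from_workstation(events, privileged, ws_prefix):
    """Flag a privileged/service account used from a user workstation, a common
    sign of credential theft followed by privilege escalation."""
    return [{"type": "privileged_from_workstation", "client": e["client"],
             "accounts": [e["account"]],
             "detail": f"{e['account']} -> {e['server']} via {e['proto']}"}
            for e in events
            if e["account"] in privileged and e["client"].startswith(ws_prefix)]


def investigate(records):
    """Run all three detections and return findings keyed to the accounts involved."""
    events = [parse(r) for r in records]
    return (detect_lateral_movement(events)
            + detect_unusual_auth(events, BASELINE)
            + detect_privileged_from_workstation(events, PRIVILEGED_ACCOUNTS, WORKSTATION_PREFIX))


if __name__ == "__main__":
    for f in investigate(EVENTS):
        print(f["type"], f["client"], ",".join(f["accounts"]), "-", f["detail"])
```

On the constructed data the compromised workstation 10.1.1.20 is flagged once for fanning out to six servers under two accounts, and the service account svc_backup is flagged both for appearing from a host outside its baseline and for being used from the workstation subnet. Tying each finding to the accounts involved is what lets an analyst pivot from a network alert straight to the identity to contain, which is the point of identity-based investigation.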
Results
The payments leader achieved immediate, transformative security improvements following the deployment of the ExtraHop NDR platform.
The organization dramatically cut Level 4 incident investigation time from three hours to less than 15 minutes. This improvement allows the SOC to respond to threats faster and helps the company maintain its competitive advantage in the payments space.
For the first time, the organization gained NDR capability for its critical payment infrastructure. This visibility enables high-fidelity detection of key internal threats such as privilege escalation and lateral movement.
ExtraHop displaced the incumbent vendor. The organization ensured a high-ROI deployment by leveraging dedicated ExtraHop residents to accelerate the project and mitigate stall risk.
ExtraHop also closed integration gaps. The team now sends alerts and performance detections to Moogsoft, and Google Chronicle pulls security detections through the ExtraHop REST API to strengthen defense in depth.
The networking and security teams now collaborate more closely to build out the future SOC operations. These teams leverage ExtraHop's platform for comprehensive network performance monitoring, plus detection and response on one platform to thwart nation-state attacks.