National Finance Institution
National Finance Institution Transforms Security Operations and Gains Visibility with ExtraHop Reveal(x)
Visibility and forensic data reduce false positives to improve both security and performance
Improved access to data and business intelligence to inform better business decisions
Tighter coordination with the network team turns the security team into a business enabler
Modernizing Security for Better Lateral Visibility
Financial institutions are favorite targets for cyberattacks, and destructive attacks have surged in the past year. In light of increasingly advanced threats, this financial institution wanted to increase their network security to better protect their infrastructure and their customers' data.
According to the IT Security manager, the institution had a traditional security setup. All logs ran through a SIEM tool, and a recently upgraded endpoint protection platform allowed them to more actively hunt threats. But they were missing critical east-west visibility across their on-premises and cloud environments.
"We could see the endpoints, and we could see the server—but we couldn't see all the transactions that were happening in between," says the security manager. "Our MSSP recommended we investigate NDR solutions to gain that visibility and ramp up our threat response."
"As much as Reveal(x) is a security tool, it's also really helped us mature our security and business practices to completely modernize our SOC and power our adoption of the cloud."
IT Security Manager, National Finance Institution
Transformation Improves Security and Speeds Cloud Adoption
After POCs from both ExtraHop and Darktrace, the team selected ExtraHop Reveal(x) network detection and response (NDR) based on the accuracy of its alerts and the contextual analysis it provided. "We didn't like the types of alerts Darktrace was giving us," says the security manager. During the proof of concept, Darktrace alerted on network traffic going back and forth to China, sending the team into emergency mode. Reveal(x) was able to show that the traffic behind the alerts came from someone using TikTok. "Darktrace didn't give us the granular detail ExtraHop did. The Reveal(x) data was far more accurate from Day One."
ExtraHop Reveal(x) has transformed the institution's security practices, providing visibility across their IT estate, real-time threat detection, and faster response. By taking full advantage of the flexibility inherent in Reveal(x), the institution has also accelerated cloud adoption and integration. "Reveal(x) has been a tremendous tool for modernizing our security operations center (SOC), complementing our EDR and SIEM to make a whole that is much more than the sum of its parts."
Ultimately, the primary use case for Reveal(x) at this customer was more robust network security: establishing a baseline of normal behavior and quickly identifying suspicious or malicious activity against it. With a small team, they also needed instant context and easy workflows. The time to value was short, according to the security manager. "We were up and running in less than a day, getting visible, viable network information right away. We'd never had this level of visibility before. We strengthened our security posture by cleaning up hygiene on day one."
Better Collaboration, Security Hygiene, and Communication with Leadership
Clear Executive Reports
Security overview presentations to leadership have not only been significantly streamlined, but they are also of much more value to the institution, thanks to Reveal(x) dashboards and reporting capabilities. Twice-a-quarter executive meetings scheduled for an hour commonly took as many as three hours because of the number of questions, according to the security manager. Today, communications to executives are much more straightforward. "Reporting is much more intuitive—and I can generate customized reports using the data from Reveal(x) to create visuals that instantly convey important information. In the end, the data rises above basic information to actual business intelligence the board can use to make informed decisions."
Greater Visibility Improves Security Hygiene
Once Reveal(x) was implemented, the security team discovered issues that were affecting performance and posing potential security risks. They detected and disabled SMBv1 running on an older system. They also found virtual machines with expired certificates and cleartext passwords, as well as SSL handshakes that were taking longer than nine seconds. "Without the controls and monitoring we get with Reveal(x), it was like the Wild West. But now we can instantly identify security gaps and see where the machines themselves were underpowered in our production environments."
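The hygiene findings above (SMBv1 still negotiated, expired certificates, cleartext credentials, handshakes slower than nine seconds) are all conditions a passive network sensor can flag from session metadata. The following Python sketch is an added illustration of that kind of check, not code from ExtraHop or from the institution: it runs over a constructed set of session records whose field names, dialect strings and sample addresses are assumptions chosen for the example, and the nine-second threshold is the one the case study mentions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Threshold from the case study: handshakes slower than nine seconds were flagged.
SLOW_HANDSHAKE_SECONDS = 9.0

# SMBv1 dialect strings as negotiated on the wire; anything in this set means
# the legacy protocol was accepted by the server.
SMB1_DIALECTS = {"PC NETWORK PROGRAM 1.0", "LANMAN1.0", "LM1.2X002",
                 "LANMAN2.1", "NT LM 0.12"}


@dataclass
class SessionRecord:
    """One observed session. Field names are assumptions for this example,
    not any product's export schema."""
    client: str
    server: str
    protocol: str                         # "SMB", "TLS", "HTTP", ...
    smb_dialect: Optional[str] = None     # negotiated SMB dialect, if SMB
    cert_not_after: Optional[datetime] = None   # server cert expiry, if TLS
    handshake_seconds: Optional[float] = None   # TLS handshake duration
    cleartext_credentials: bool = False   # credentials seen unencrypted


def hygiene_findings(records: List[SessionRecord], now: datetime) -> List[dict]:
    """Return one finding per hygiene condition observed in the records."""
    findings = []
    for r in records:
        if r.protocol == "SMB" and r.smb_dialect in SMB1_DIALECTS:
            findings.append({"server": r.server, "issue": "SMBv1",
                             "detail": r.smb_dialect})
        if r.protocol == "TLS":
            if r.cert_not_after is not None and r.cert_not_after < now:
                findings.append({"server": r.server, "issue": "expired_cert",
                                 "detail": r.cert_not_after.date().isoformat()})
            if (r.handshake_seconds is not None
                    and r.handshake_seconds > SLOW_HANDSHAKE_SECONDS):
                findings.append({"server": r.server, "issue": "slow_handshake",
                                 "detail": f"{r.handshake_seconds:.1f}s"})
        if r.cleartext_credentials:
            findings.append({"server": r.server, "issue": "cleartext_credentials",
                             "detail": r.protocol})
    return findings


def issues_by_server(findings: List[dict]) -> Dict[str, List[str]]:
    """Group finding types per server, which is what a remediation list needs."""
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        grouped.setdefault(f["server"], []).append(f["issue"])
    return grouped


# Constructed sample data (not real traffic). Addresses are RFC 1918 placeholders.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    SessionRecord("10.0.1.15", "10.0.5.20", "SMB", smb_dialect="NT LM 0.12"),
    SessionRecord("10.0.1.16", "10.0.5.21", "SMB", smb_dialect="SMB 3.1.1"),
    SessionRecord("10.0.1.17", "10.0.8.10", "TLS",
                  cert_not_after=datetime(2023, 1, 1, tzinfo=timezone.utc),
                  handshake_seconds=0.4),
    SessionRecord("10.0.1.18", "10.0.8.11", "TLS",
                  cert_not_after=datetime(2025, 1, 1, tzinfo=timezone.utc),
                  handshake_seconds=11.2),
    SessionRecord("10.0.1.19", "10.0.9.5", "HTTP", cleartext_credentials=True),
    SessionRecord("10.0.1.20", "10.0.8.12", "TLS",
                  cert_not_after=datetime(2025, 1, 1, tzinfo=timezone.utc),
                  handshake_seconds=0.2),
]

SAMPLE_FINDINGS = hygiene_findings(SAMPLE_RECORDS, NOW)

if __name__ == "__main__":
    for server, issues in sorted(issues_by_server(SAMPLE_FINDINGS).items()):
        print(f"{server}: {', '.join(issues)}")
```

Run on the constructed records, the check reports four findings on four distinct servers and stays silent on the two healthy sessions, which is the property that matters for a small team: every line in the output is something to fix rather than something to triage.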
Improved SOC Augments Talent
By leveraging their new capabilities, the security team has virtually eliminated their backlog and greatly improved the effectiveness of their SOC. That means they now have time to train and improve. In an incredibly competitive market for cybersecurity talent, many companies have to hire and train less experienced people. By using ExtraHop Reveal(x) to transform security operations, this institution was able to maximize the value of its analysts. "It's like turning a Tier 1 analyst into a Tier 3 because of the instant access to data and the simplified workflows," says the security manager.
Collaboration Across Teams
ExtraHop Reveal(x) has also become a critical collaboration tool for the network and security teams. "In the past, there could be a lot of time wasted when an issue was identified and the teams were looking at it from different perspectives, but with all of us using the same tool, we can be faster, not just with detection but with communication between teams. Reveal(x) really is our go-to tool for all basic troubleshooting at this point."