Our customer is a major distributor of digital communication products with over one hundred sales offices and dozens of stocking locations, serving over 12,000 customers every month across 750 cities. Given the sheer size and reach of their business, the customer welcomed the opportunity to see how ColorTokens could give them clarity on potential threats within their network.
Despite investing in a range of cybersecurity tools including IAM, IDS/IPS, NGFW, VPN, and EPP, the customer still had concerns about vulnerabilities within their perimeter. Understanding that today’s attackers can leverage attack vectors such as trusted users, misconfigurations, and oversights to breach the environment, the customer wanted to block attackers’ ability to move laterally within their systems and to protect their crown jewels. In seeking out a solution, the customer’s primary concern was therefore finding a comprehensive way to quickly discover and respond to unauthorized connections and breaches within their network.
ColorTokens Xshield gave the customer the capability to understand the effectiveness of its cybersecurity controls. Concerned about what was at risk in their critical systems, the customer requested that Xshield be deployed across their entire server infrastructure to visualize all network connections and secure their most important internal information, intellectual property, and customer data.
Xshield Visualization and Micro-Segmentation
Xshield’s Skyview Visualizer quickly modeled the customer’s application infrastructure and assessed the security state of the applications by discovering unauthorized connections. The customer narrowed their focus to specific applications and vulnerabilities in order to map application dependencies and discover insecure protocols along with suspicious connections. This level of visibility allowed the customer to identify vulnerable servers that would benefit from preventative measures against the lateral movement of cyber threats and attacks.
Almost immediately, the customer was able to see that their current security solutions were not fully detecting their databases’ and applications’ direct inbound and outbound connections with malicious IPs, private networks, and domains.
Xshield delivered real-time discovery of previously hidden malicious communications beyond what their existing controls such as NGFW, EPP, and Anti-DDoS showed. This included malicious communications on SMTP, SIP, and several random TCP ports, and even an inbound DNS request destined for critical internal application groups. Both the untrusted inbound and outbound connections came from different geolocations – further emphasizing the breadth of potential vulnerabilities that existed, and had previously been undiscoverable, within their infrastructure.
Digging further into the connections within the environment, Xshield was able to show application dependencies, inter-relationships, and the access patterns of databases shared with unrelated applications and internet networks.
The state of these databases revealed an inherent security risk: they exhibited inbound and outbound data transfers with nefarious IPs and domains.
Insight into the gaps in their existing cybersecurity solutions allowed the customer to move quickly towards enforcing security policies that prevent these connections.
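The visibility-then-enforce loop described above (map application dependencies from observed flows, flag connections that fall outside the expected dependencies, then turn the expected dependencies into an allowlist policy) can be illustrated with a small flow-record review. The script below is an added example and is not ColorTokens or Xshield code; every address, application group, port and flow record in it is constructed for illustration, and the allowlist, the "services of concern" table and the internal address ranges are assumptions a real deployment would replace with its own inventory and policy.

```python
"""
Added example (not ColorTokens/Xshield code): review constructed flow records
against an explicit allowlist of expected application dependencies, flag what
falls outside it, and derive an allowlist (micro-segmentation) policy from the
expected dependencies. All names, addresses and ports are constructed.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str        # source address
    dst: str        # destination address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    direction: str  # "in" or "out" relative to the monitored server


# Constructed asset inventory: address -> application group.
APP_GROUP = {
    "10.1.10.5": "web-frontend",
    "10.1.20.7": "app-tier",
    "10.1.30.9": "db-tier",
}

# Constructed allowlist of expected dependencies: (src group, dst group, proto, dport).
ALLOWED = {
    ("web-frontend", "app-tier", "tcp", 8443),
    ("app-tier", "db-tier", "tcp", 5432),
}

# Services the case study calls out as suspicious when seen on application servers.
SERVICES_OF_CONCERN = {
    ("tcp", 25): "SMTP",
    ("tcp", 5060): "SIP",
    ("udp", 5060): "SIP",
    ("udp", 53): "DNS",
}

# Assumed internal ranges (RFC 1918); anything else is treated as the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def group_of(addr: str) -> str:
    """Map an address to its app group, 'unknown-private' for other internal space, else 'internet'."""
    if addr in APP_GROUP:
        return APP_GROUP[addr]
    ip = ipaddress.ip_address(addr)
    return "unknown-private" if any(ip in net for net in INTERNAL_NETS) else "internet"


def build_dependency_map(flows: list[Flow]) -> dict[tuple[str, str], set[tuple[str, int]]]:
    """Observed dependencies: (src group, dst group) -> set of (proto, dport)."""
    deps: dict[tuple[str, str], set[tuple[str, int]]] = defaultdict(set)
    for f in flows:
        deps[(group_of(f.src), group_of(f.dst))].add((f.proto, f.dport))
    return dict(deps)


def classify(flow: Flow) -> list[str]:
    """Reasons a flow is not an expected dependency; an empty list means it is allowed."""
    sg, dg = group_of(flow.src), group_of(flow.dst)
    if (sg, dg, flow.proto, flow.dport) in ALLOWED:
        return []
    reasons = ["not-in-allowlist"]
    if "internet" in (sg, dg):
        reasons.append("internet-boundary")
    service = SERVICES_OF_CONCERN.get((flow.proto, flow.dport))
    if service:
        reasons.append(f"service-of-concern:{service}")
    return reasons


def review(flows: list[Flow]) -> dict[Flow, list[str]]:
    """Return only the flows that need attention, with their reasons."""
    return {f: classify(f) for f in flows if classify(f)}


def generate_policy() -> list[str]:
    """Allowlist rules for the expected dependencies, followed by a default deny."""
    rules = [f"allow {sg} -> {dg} {proto}/{dport}" for sg, dg, proto, dport in sorted(ALLOWED)]
    rules.append("deny any -> any")
    return rules


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    Flow("10.1.10.5", "10.1.20.7", "tcp", 8443, "out"),     # expected: web -> app
    Flow("10.1.20.7", "10.1.30.9", "tcp", 5432, "out"),     # expected: app -> db
    Flow("203.0.113.45", "10.1.30.9", "tcp", 25, "in"),     # inbound SMTP from the internet to the database
    Flow("10.1.30.9", "198.51.100.9", "tcp", 4471, "out"),  # database calling out on a random TCP port
    Flow("10.9.9.9", "10.1.20.7", "udp", 53, "in"),         # inbound DNS request to the app group
    Flow("10.1.10.5", "10.1.30.9", "tcp", 5432, "out"),     # web tier reaching the database directly
]

if __name__ == "__main__":
    for flow, reasons in review(SAMPLE_FLOWS).items():
        print(f"{flow.src} -> {flow.dst} {flow.proto}/{flow.dport} ({flow.direction}): {', '.join(reasons)}")
    print("\n".join(generate_policy()))
```

Two of the six constructed flows match the allowlist; the other four are reported with their reasons, including the web tier talking to the database directly, which is the "database shared with unrelated applications" pattern the case study describes. The generated policy is deliberately allowlist-then-deny, so anything not mapped as an expected dependency is blocked rather than having to be enumerated.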
Results & Benefits
Using Xshield, the customer understood that they would be able to better defend against threats to their application and database servers. The strength of a quickly deployed Zero Trust architecture and improved visibility across a vast network gave the customer an immediate means to enforce cybersecurity policies without business disruption.