At Datashield we keep our clients' names private, away from the public eye. For obvious security reasons, we want to prevent them from being targeted. However, we do want to share some case studies to give you an idea of what we are able to do for our clients.
For more specific examples or technical details, contact us.
A large not-for-profit health system is known for innovative and unparalleled quality, offering advanced treatment options and specialties found nowhere else in the region. The customer received a Consumer Choice Award, as deemed by the people of the community, based on four essential consumer metrics: Best Overall Quality, Best Image/Reputation, Best Doctors and Best Nurses. The healthcare provider offers a full range of diagnostic, therapeutic and rehabilitative services.
The Healthcare provider was using a legacy SIEM as part of their defense in depth. The current SIEM provided very little valuable data for securing their environment. They had limited visibility into their network and at the endpoint. They also lacked the resources and bandwidth to deal with the volume of alerts they were receiving daily.
At the same time, their attack surface continued to grow with the sprawl of IoT in healthcare, and entities like themselves continued to be a rich target for cyber adversaries. The IT and Security teams were continuing to feel pressure from upper management to patch security holes and reduce their overall security white space.
Engaging Datashield MDR dramatically increased their defense in depth with the addition of SIEM for logs, full packet capture and endpoint detection. This was accomplished by Datashield providing the following:
An onsite asset criticality exercise was completed as part of the service onboarding, which gives detailed context when Datashield analysts are investigating suspicious activity. Datashield's proprietary SHIELDVision technology continually scans the client's environment for signs of anomalous activity and also scans historical data to search for zero-day threats.
The net result is a Managed Detection and Response solution prescribed to fill the gaps needed to meet their security requirements. The service provides unlimited visibility through full packet capture and endpoint detection. It allowed them to use corporate security resources for critical internal needs while using the service as an extension of their security team. Now the healthcare provider has alleviated resource gaps, has detailed visibility into their threat landscape, has reduced alerts to only validated threats and has a partner in their security program. Just what the doctor ordered!
The customer is an international travel management company. Founded in 1946, the customer is the 5th largest travel management company in the United States, servicing clients throughout the country, as well as globally.
The customer was using a Managed SIEM service as part of their security architecture. The current SIEM and MSS service provided very little valuable data for securing their environment. They had limited visibility into their network. They also lacked the resources and bandwidth to deal with the volume of alerts they were receiving daily. The IT and security teams wanted full packet visibility into the network along with custom views and reporting.
Engaging Datashield MDR dramatically increased their defense in depth with the addition of log collection and full network packet capture. The Datashield MDR service provides 7x24x365 security monitoring and management of the monitoring technology. Proprietary SHIELDVision technology continually scans the client's environment for signs of anomalous activity and also scans historical data to search for zero-day threats. Active hunting by experienced analysts searches for unknown threats where signatures are not available for traditional technologies.
Any sign of an incident generates a deep packet investigation by an analyst, ruling out false positives. With all granular data available, the analyst will generate and send a detailed incident notification once the incident is validated. The notification includes remediation instructions for timely resolution, while the Datashield SOC works with the customer through cleanup.
The customer now has full packet visibility into their environment for threat detection and response, along with full reporting. By engaging an experienced SOC team, their internal resource bandwidth has eased, and they are receiving validated incidents and not a barrage of alerts. The travel company now has a partner in security detection and response.