With today’s BYOD momentum, employees, partners, and customers are accessing web portals, networks, and shared connections via personal devices that are not protected or monitored by a company’s IT security experts.

Thousands of personal devices connecting to open wireless networks on a daily basis creates the potential for a compromised network. This is most certainly the case for one US-headquartered oil and gas company that has asked not to be named for security reasons.

Challenge

For a large energy sector enterprise, the risk of being unable to control and monitor the personal devices used by its employees to access corporate assets is of great concern. These devices create major vulnerabilities that cannot be controlled effectively. The oil and gas firm, which operates in more than 50 countries, sought a tool with the following specifications to solve their problem:

– Enable employees to use their own devices without the need to install any agent or software

– No purchase of an additional on-premises device to be placed on the network

– Deploy quickly across multiple sites worldwide

– Avoid the need for employees to bring devices to IT for installation or to install anything themselves

– Provide detailed forensics

– Supply timely intelligence, so IT teams can act swiftly

Solution

The enterprise decided to use Seculert’s proactive Botnet Interception technology. During set-up the enterprise’s IT security team entered all internal and external facing domains as well as web-based portals into Seculert’s system. Meanwhile, integration between Seculert’s cloud-based service and the enterprise’s MDM was established through the Seculert API by a member of the IT security team. This allowed the enterprise to block breached devices when identified by Seculert.

The total setup took less than ten minutes. The solution immediately identified a personal mobile device that was communicating from within the company’s network to known domains used by command and control servers. The MDM immediately blocked this device, and Seculert’s detailed forensics allowed the company’s IT security team to pinpoint the owner of the infected device and push instructions to their firewalls to block this employee’s access to critical assets and services that he would normally have access to. This case was then escalated to the appropriate internal IT team, which approached the user and cleaned the infected device. The user was then required to reset his passwords to all critical applications before the firewall restriction was removed.

Benefit

Thanks to Seculert’s Botnet Interception, an attack that was already in progress was detected and stopped. From that point on, the oil and gas enterprise was able to monitor their connections and traffic to immediately detect new infections. Since Botnet Interception is device agnostic and cloud-based, it can discover compromised endpoints at headquarters and at satellite offices worldwide. Thus the company is able to reduce the risk that sensitive information and credentials are leaked through unprotected devices and is able to detect malicious activity of infected devices connecting to their web assets.