Seeing Prevailion’s positive network indicator was reassuring, because it validated the existing security measures he had enacted to secure his network.
But trouble was brewing just on the other side of his organization’s door.
Beyond monitoring his company’s IP addresses, Todd was using Prevailion to continually monitor his large ecosystem of third parties, including vendors, suppliers and partners. After Todd dug a little deeper, he discovered that a trusted third-party organization had an active – and unreported – compromise lurking inside its network that could jeopardize Todd’s own infrastructure by “island hopping” through their linked connections. It was only a matter of time before his partner’s compromise would become his own, threatening his customers’ valuable data and proprietary information.
Todd reached out to Prevailion for guidance on what he saw as an active cyber compromise in his partner’s network — something that could ultimately affect his network. Prevailion’s intelligence team confirmed the issue, and with Todd’s help, agreed to connect with the partner’s head of IT to bring the security flaw to their attention.
Prevailion contacted the organization and explained the problem.
The company’s head of IT was shocked to learn that a malware infection he thought he had removed the month before was still active inside the network. What he didn’t realize was that the malware infection had survived his remediation efforts and had quietly persisted on the company’s network. Had Todd not noticed the malicious activity in Prevailion’s APEX™ Platform, the malware would likely have remained undetected for a significant period of time, doing untold damage to the organization and its partners.
Prevailion provided the organization’s incident response team with all of the evidence and telemetry that were needed to stop the malware and remove it from the network.
Not long afterward, Todd checked Prevailion’s APEX™ Platform and confirmed that the affected organization was no longer compromised — and it all started when he expanded his compromise visibility just beyond his organization’s network.
Todd’s story demonstrates why it is important to overcome the inertia of inter-organizational relationships to counteract the advanced nation-state adversaries of today.
Yes. A compromised third-party vector, like the one documented in the story above, is how Target’s point-of-sale systems were breached in 2013. This breach resulted in one of the largest credit card scandals in history, affecting 40 million customers and accounting for more than $220 million in damages to the company over the ensuing years.
Prevailion is a next-generation cyber intelligence company that monitors billions of active, malicious beacons all around the world. This is a big step beyond the indicators of compromise that are at the core of most security solutions.