How to Avoid Contagious Third-Party Compromises

Case Study

The following story is based on an actual third-party compromise that occurred in December 2019. Customer names and titles have been changed to ensure their privacy.
13 November 2020

Todd, a risk management director at a communications organization, was relieved the first time he used Prevailion and saw that his immediate network was green — clean of active cyber compromise.

Seeing Prevailion’s positive network indicator was reassuring, because it validated the existing security measures he had enacted to secure his network.

But trouble was brewing just on the other side of his organization’s door.

Beyond monitoring his company’s IP addresses, Todd was using Prevailion to continually monitor his large ecosystem of third parties, including vendors, suppliers and partners. After Todd dug a little deeper, he discovered that a trusted third-party organization had an active – and unreported – compromise lurking inside its network, one that could jeopardize Todd’s own infrastructure by “island hopping” across the connections linking the two organizations. It was only a matter of time before his partner’s compromise became his own, threatening his customers’ valuable data and proprietary information.

My Partner is Compromised – Now What?

Todd reached out to Prevailion for guidance on what he saw as an active cyber compromise in his partner’s network — something that could ultimately affect his network. Prevailion’s intelligence team confirmed the issue, and with Todd’s help, agreed to connect with the partner’s head of IT to bring the security flaw to their attention.

Prevailion contacted the organization and explained the problem.

The company’s head of IT was shocked to learn that a malware infection he thought he had removed the month before was still active inside the network. What he didn’t realize was that the malware infection had survived his remediation efforts and had quietly persisted on the company’s network. Had Todd not noticed the malicious activity in Prevailion’s APEX™ Platform, the malware would likely have remained undetected for a significant period of time, doing untold damage to the organization and its partners.

Prevailion provided the organization’s incident response team with all of the evidence and telemetry that were needed to stop the malware and remove it from the network.

Not long afterward, Todd checked Prevailion’s APEX™ Platform and confirmed that the affected organization was no longer compromised — and it all started when he expanded his compromise visibility just beyond his organization’s network.

Todd’s story demonstrates why organizations must overcome the inertia of inter-organizational relationships in order to counter today’s advanced nation-state adversaries.

Do I Need to Worry About MY Third-Party Connections?

Yes. A compromised third party, like the one in the story above, was how Target’s point-of-sale systems were breached in 2013. This breach resulted in one of the largest credit card scandals in history, affecting 40 million customers and accounting for more than $220 million in damages to the company over the ensuing years.

Prevailion is a next-generation cyber intelligence company that monitors billions of active, malicious beacons all around the world. This is a big step beyond the indicators of compromise that are at the core of most security solutions.

If Prevailion sees something, it’s not just an indicator of a potential threat – it is evidence of an actual compromise.

Copyright 2021 Prevailion, Inc. All rights reserved.