Scans everything Finds everything Blocks... Everything.

Transcription

1 Invest in the company with Trident CMP, a service that... Scans everything Finds everything Blocks... Everything. Deployment case studies of Trident CMP, the breakthrough cyber security service. For information on how to invest contact: info@birchwoodstanhope.com +44 (0)

2 Foreword: The following pages are case studies where Trident CMP (Cybersecurity Monitoring Platform) has been implemented and the results it has achieved. It provides a clear description of the benefit the Trident CMP provides to the customer and further reinforces the notion that it is a breakthrough in cyber security. For information on how to invest contact: info@birchwoodstanhope.com +44 (0)

3 Examples of Client Deployments Case Study 1: Federal Defence Contractor # of Employees 40 Service Performed Insider Threat Detection GBMS Tech deployment team performed an exhaustive investigation into the operations and employees at a medium sized federal cyber security contractor. Our threat operations team was able to identify the follow breaches: Key employee (Co-owner) embezzling cash disguised as payroll bonuses. Recruitment staff downloading entire resume databases before resigning and taking positions at new companies. Collusion amongst key employee and CFO against majority owner of the company. Due to the efforts of GBMS Tech deployment team the majority owner of the company was able to prosecute recruiter for theft of IP, and lower a buyout for a key employee from $3.5 million dollars to $1.5 million dollars. Case Study 2: Healthcare System # of Employees 500 Service Performed Vulnerability Scan and Assessment GBMS Tech deployment team performed a vulnerability scan and assessment on a large healthcare organization. Our security operation team was able to identify the following: Multiple open ports and vulnerable systems. 12 forgotten Windows 2003 servers that were still sitting on the network. Many Windows XP machines that had been replaced with newer machines, but were still powered on with full network connectivity. Identified key areas of IT infrastructure that had not been upgraded, patched, or secured. Our scan allowed the organization to put together a follow up plan to establish better security protocols and shutdown machines that were not in use or due to be replaced. Case Study 3: Hospitality Client # of Employees 700 Service Performed Insider Threat Detection GBMS Tech deployment team performed an exhaustive investigation into the operations and employees at a large hospitality client in the MD area. Our threat operations team was able to identify the follow breaches: Employees hiding or masking addresses in order to send company IP back to personal Gmail accounts. Employees downloading or printing entire customer spending patterns and lists without permission. Employees stealing customer contact lists via and Dropbox. Due to the efforts of GBMS Tech deployment team the company was able to prosecute employees for breach of contract and theft of company information. Phalanx Secure Solutions employees worked with legal counsel for the client to prepare cases for court.

4 Case Study 4: E-Commerce Site # of Employees 12 Service Performed Penetration Testing GBMS Tech deployment team performed a penetration test against a client s e- commerce site and Amazon AWS infrastructure. Our client had assured us that he had been getting penetration tests for years and that we would find his system top notch. The GBMS Tech deployment team was able to find: Several high priority vulnerabilities within the first two hours of testing. Overall the penetration test team found over 50 vulnerabilities of which 10 were high priority and had to be fixed. Case Study 5: Managed Service Provider # of Employees 12 Service Performed Monthly Monitoring GBMS Tech deployment was contracted to perform monthly monitoring for a Managed Service Provider in their data centre. Our Trident Network Protection system was installed in the data centre and is monitored 24/7/365. Our team monitors all traffic in and out of the network, as well as machine activity. GBMS Tech deployment has so far been able to identify: Ransomware. Numerous firewall login attempts. Command and control activity. Key file changes on systems. With our 24/7/365 monitoring GBMS Tech deployment team can alert the MSP quickly to any vulnerabilities or incidents that are occurring. In conjunction with the MSP, fixes are either performed by GBMS Tech deployment or the MSP.

5 Technical White Paper United States Bank Botnet Attack Industry Type United States Regional Bank # of Employees 287 Service Performed Trident Network Protection Purpose To establish a level of network protection and alerting for potential hacks and threats to the network Operations The Trident Network Protection devices was installed at both datacenter used by the bank client. All Internet and network traffic was routed through these data centers therefore the Trident Network Protection product could examine all traffic travelling through to the Internet from each bank branch. Typical Trident Network Protection standards of practice call for a two-week baselining period in which the GBMS Deployment team will examine the network traffic and learn the system. The baselining period was immediately interrupted due to a potential network invasion attempt that could be prevented by the deployment group before any damage was caused. The GBMS Deployment Group was immediately notified via alerting on the GBMS SOC dashboard that the bank data center was receiving millions of connection requests from 2,000+ IPs addresses originating from the Russian Federation. Using the current standards of practice of GBMS Tech, Ltd., the deployment group investigated the connection requests and determined that there was a botnet network attempting to make a brute force connection to the servers located at the data center using a standard RDP port of During the potential attack, there were over 4.5 million requests made in a 30 minute period. Working with the CIO and IT staff at the bank, the GBMS Deployment group could get the region of the Russian Federation blocked so that all incoming requests would automatically be denied at the firewall. Port 3389 was blocked at the firewall as there was no business need. The connection requests were immediately stopped.

6 Technical White Paper Federal Defense Contractor Industry Type United States Federal Contractor # of Employees 404 Service Performed Trident Employee Monitoring Purpose The GBMS Deployment group was contracted by a prominent United Stated Federal IT Solutions contractor in the Baltimore, MD area to establish a baseline of employee monitoring and discover and potential security breaches or examples of employee theft. The GBMS Deployment group was specifically hired by the majority shareholder to determine the ethical performance of a minority shareholder that was currently in the process of being bought out of the company. Operations The GBMS Deployment Group installed the Trident Employee monitoring product on all employee machines using the stealth method of posing as an IT employee that needed to run an update on the machines along with using Active Directory automated installation. The GBMS Deployment Group performed an exhaustive investigation into the operations and employees at this operation. Our team could identify the follow breaches: Key employee (Co-owner) embezzling cash disguised as payroll bonuses. Recruitment staff downloading entire resume databases before resigning and taking positions at new companies. Collusion amongst key employee and CFO against majority owner of the company. Due to the efforts of GBMS Deployment Group the majority owner of the company was able to prosecute a former recruiter for theft of IP, and reduce the buyout offer for a minority shareholder from $3.5 million dollars to $1.5 million dollars.