Security Management Solutions
Security Monitoring Infrastructure & Real-Time Threat Management

ThreatCenter at Work


Detecting and Managing Massive Worm Infestations in Financial Services


Global Complexity, Real-Time Security. One of our customers is a global financial institution, managing transactions on behalf of millions of consumers, businesses and banks. They run a large, complex network infrastructure, and had invested heavily in IT security. Recognizing the importance of real-time responses to attacks on their corporate networks, they bought OpenService’s ThreatCenter.

Firewall on Fire. On the first day of rolling our software into production, monitoring an internal firewall, ThreatCenter’s console lit up completely red – indicating a massive attack was under way. Since other products monitoring this firewall revealed nothing, the user immediately challenged us to prove the integrity of our solution. What was going on?

Good News, Bad News. After quickly verifying that ThreatCenter was behaving correctly, we turned to the firewall itself. Unknown to the customer (and the other technologies trying to monitor the firewall), there was a massive and completely undetected port 135 Windows RPC exploit worm running rampant on the subnet. It had infected many hosts already, and was draining resources as it tried to spread. The good news was that the firewall was preventing the worm from propagating to other networks in the institution – and the other businesses and banks it connected with. The bad news was that this undetected, unmanaged compromise was one misconfigured policy, one unprotected laptop or one rogue wireless access point away from badly damaging a global, trusted brand. And ThreatCenter had found it.

Targeted Responses Eliminate Risk. Where other products had failed to detect the worm, ThreatCenter had discovered and correctly alerted the customer to the threat, identifying the infected hosts. After literally pulling the cable out of some of the worst offenders, the user’s security team used ThreatCenter to direct their remediation activities. By generating and emailing the “Top 10” attacker report for port 135 every night, ThreatCenter enabled the team to quickly eliminate the infestation in a methodical, prioritized manner. As a result, the users tell us that ThreatCenter scored an immediate success – anecdotally “paying for itself” – by identifying and managing just this one, high-risk infestation.

The Bottom Line. No matter how comprehensive your security infrastructure, without effective real-time monitoring you risk undetected threats becoming unmanaged compromises. In this case, ThreatCenter reduced risk in monitoring just one firewall in a highly organized and technologically expert organization. Imagine what it could do for you, correlating data across multiple firewalls, intrusion detection systems, vulnerability scanners and anti-virus solutions.

©2002-2008 OpenService, Inc. All Rights Reserved