Cyberlytic Case Studies & Use Cases

Key Statistics

  • Profiler deployed and operational across 100 virtual hosts in less than 2 hours
  • 756 SQLi attack events were identified during the first month
  • 5 attacks were classified high-risk
  • 1 successful web application attack identified by the Profiler 
  • Critical data loss prevented as a result of using the Profiler 

Summary

Cyber Threat Profiler detects sophisticated attack that bypassed conventional WAF

Customer Case Study | European Web Hosting Company

 

Challenge

Cyberlytic was approached by a European website hosting company that provides website design, application development and hosting services to over 100 businesses across Europe. The hosting company has been expanding rapidly and wanted to increase its cyber security defences to reduce the risk of system compromise and demonstrate cyber awareness to its customers. The company’s revenue comes almost entirely from hosting services, so it is important that the infrastructure is constantly available and secure.

The websites and applications managed by the company are hosted on a shared infrastructure. Perimeter security controls were deployed, including the ModSecurity Web Application Firewall, which had been configured to protect against gateway attacks such as SQL injection and cross-site scripting. However, the company had no means of monitoring attacks.

Cyberlytic was asked to deploy its Cyber Threat Profiler directly onto the company’s production environment, to provide additional security intelligence and monitor for SQL injection and cross-site scripting attacks. It was imperative that ongoing operations were not interrupted and that user training was minimal. The company also requested regular, actionable reporting.

Approach

The Profiler can be deployed in a number of configurations to suit the customer environment, including hosted within the Cyberlytic secure cloud. However, for this customer the Profiler was hosted locally on the customer network. A feed from the customer’s ModSecurity Web Application Firewall sent data directly to the Profiler for analysis. Due to the Profiler’s modular architecture, it was possible to deploy the product with only a minor configuration change to the ModSecurity firewall. The installation resulted in no downtime to the customer’s web hosting server, and the Profiler was operational, with both the customer and Cyberlytic monitoring HTTP traffic, within 2 hours.

Once operational, the Profiler was configured to send email alerts to a nominated representative in the company within 1 second of a high-risk attack being identified. This happened on 5 occasions during the first month of use. In addition, an automated daily report was sent to the same nominated representative’s email address, providing a simple visual summary, together with supporting information, of the attacks identified during the previous 24 hours.

Solution 

The Profiler provided a consistent and informed analysis of the HTTP traffic. It also provided an appropriate alerting mechanism that informed the customer when a serious attack had occurred, along with the nature and severity of the attack. This enabled the customer to implement its Incident Response processes in near real-time.

It became clear early on that the customer’s existing security controls were not detecting the majority of attacks that the Profiler was identifying. On one occasion, a serious attack resulted in the compromise of a server. The Profiler immediately flagged that a very high-risk attack had taken place and notified both the customer and Cyberlytic within seconds of the event. On this occasion, the Cyberlytic team contacted the customer directly, saving the company from financial and reputational damage. In total, the Profiler identified 5 high-risk attacks during the first month of operation, which were immediately acted on by the hosting company.

The company continues to use the Profiler to improve its cyber security defences and identify high-risk cyber attacks.
