Real world case studies and scenarios of Trusted Knight solutions
The Association of Banks in Israel Wards Off Web Vulnerabilities
The Association of Banks in Israel (The Association) oversees all commercial banks in Israel. Operating as a non-profit, The Association’s goal is to promote effective dialogue with legislative branches, as well as public and private institutions, regarding all matters of banking. Given their affiliation with the Israeli banking industry, The Association is under constant threat of web-born attacks, especially concerning is website defacement and targeted DDoS attacks. In looking for a solution to their concerns, The Association was interested in finding a single-solution to protect their website from the full-spectrum of web-based attacks from DDoS attacks to exploitation of zero-day vulnerabilities. The Association chose Cloud-DMZ as the most straight-forward solution meeting all of their key requirements. Cloud-DMZ provides intelligent web application security and DDoS protection by actively scanning an application, understanding its functionality and serving traffic from a secure, cloud-based replica of the website.
Read more here on how The Association remedied their vulnerabilities with Cloud-DMZ.
Emovis Keeps UK Tollways Open with Cloud-DMZ
Emovis is the leading service and delivery arm of Abertis in the global market for management of electronic tolling and smart mobility solutions. With their focus on keeping motorists moving through electronic tolling around the globe, they are a clear target for web-based attacks on their ecommerce applications. When Emovis was chosen by the UK government for a seven-year contract to operate the Dartford Crossing, where more than 160,000 vehicles pass daily, it came with rigorous digital standards required for all government agencies and service providers. Emovis was up for the challenge of finding the right solution to a variety of requirements. Emovis selected Trusted Knight’s Cloud-DMZ as the best preventative solution in combating DDoS attacks and other web-born vulnerabilities. Cloud-DMZ is a true cloud-based web application firewall (WAF) and an alternative to a conventional DDoS mitigation solution. The Cloud-DMZ approach processes web systems to understand the application and how users access information, and then creates an agile replica of the original website to respond instantly to requests, reducing the need for back-end processing. The secure replica website is deployed in the cloud and can easily scale when a volumetric attack grows. As a result, Cloud-DMZ contains any level of DDoS attack without impacting user experience and with virtually no attention from internal IT or security teams.
For details on how and why Emovis implemented the Cloud-DMZ solution read more here.
Keylogger Theft of Consumer Online Credentials
On December 26, 2014, a group of criminals claiming affiliation with Anonymous released a file of more than 13,000 credentials for sites including Walmart, Amazon, Playstation Live, and Hulu Plus. These were clearly obtained from keylogging botnets and almost certainly represent only a portion of the credentials captured from the compromised computers as the attackers likely kept the higher-value data for themselves. Unfortunately this type of “data dump” has become so common as to be nearly unremarkable; if there is anything unique about this specific scenario it is that “only” 13,000 username and password combinations were released.That such an event borders on the quotidian is evidence of the ease with which unsophisticated attackers can wreak widespread havoc. They simply need to spread a wide enough net via malware-infested web sites and phishing attacks and wait for their catch. Deployment of such malware has truly become turn-key. While the victims in these cases are regular consumers, the financial impact is felt by the Amazon’s and Sony’s of the world who must manage the resulting fraud. Protector would have prevented even customer’s compromised computers from having credentials harvested therefore, from becoming fraud.