Media and Resources

eBook
The Case for Security in the Cloud

Whitepaper
Cybersecurity 2028

Brief
Future SOC

 

Workbook
PCI Compliance in the AWS Cloud

 

Fact sheet
Typical Sherlock Deployment

Fact sheet
Sherlock Basics

Sherlock Animated Explainer video 1:24

Learn the mission of Sherlock in this quick animated video.

Sherlock Culture Video 3:14

It takes a lot to work at Sherlock. Explore our culture in this video.

 

Security as Code 37:39

Anitian and Sherlock CEO Andrew Plato takes you into the future of security operations in this valuable presentation.

 

COMING SOON

Sherlock SIEM Overview

Peek under the hood of the SIEM our analysts use to keep our customers safe and informed.

 

Data Commingling

Cybersecurity Trends

People, Tech, and Process

Compliance as Code – 2018

INDUSTRY:

Healthcare

 

THE CHALLENGE
Monitor and manage security across three global regions from a single, centralized console.

 

THE SOLUTION
Augment AWS security with complete protection for cloud workloads

 

SERVICES
Sherlock Cloud Security

 


 

INDUSTRY:

SaaS

 

THE CHALLENGE
Deploy a PCI-compliant environment that scales and flexes with a growing SaaS business

 

THE SOLUTION
Conduct a risk assessment
Quickly deploy automated architectures
Verify compliance

 

SERVICES

Anitian PCI Architecture
RiskNow Rapid Risk Assessment
Sherlock Cloud Security

Introduction

In 2018, World Web Technology (WWT) approached Anitian with a challenge. They wanted to move a payment application into the cloud. They were considering Azure, Google, and AWS. They needed a flexible, auto-scaling environment that was also compliant with the Payment Card Industry Data Security Standard (PCI DSS).

Anitian proposed a package that would quickly deliver a compliant infrastructure in the AWS cloud. Using a combination of Anitian development software, native AWS automation, and third-party security tools, Anitian was able to make WWT PCI compliant in a fraction of the typical time.

Anitian’s PCI Cloud Architecture

The first part of this service was Anitian’s PCI Compliant Architecture. This is a pre-configured AWS environment that provides a secure application hosting environment. It is specifically designed and configured to meet the requirements of the PCI DSS.

Some of the components of this architecture include:

  • Server images (called AMIs) pre-hardened to meet PCI requirements
  • Segmented network topology with strong access controls
  • Perimeter firewall
  • Web application firewall
  • Endpoint security, which offers system-level anti-malware, file integrity monitoring, intrusion detection, and configuration management
  • Identity and access management
  • Multi-factor authentication
  • Security Information and Event Management (SIEM)
  • Vulnerability management
  • Compliance monitoring
  • Auto-scaling

Since Anitian automates the deployment, we were able to stand up this architecture in just days. All we needed was a little bit of configuration data from WWT to get going.

Sherlock Managed Detection and Response

In addition to providing a pre-configured, pre-hardened architecture, Anitian also included our Sherlock Managed Detection and Response services. This provides round-the-clock security and compliance monitoring. Moreover, it includes an annual risk assessment. Risk assessments are not only a best practice for any environment, but also a PCI requirement.

PCI Compliance Assessment Included  

Anitian also provided a complete suite of services to assess, test, and certify the compliance of WWT’s environment with the PCI DSS. Once the code was deployed, Anitian had all the relevant artifacts to rapidly certify the environment.

Benefits

The combination of Anitian’s PCI Architecture, Sherlock Managed Detection and Response, and PCI Assessment services enabled WWT to launch a fully compliant AWS environment faster and at lower cost than traditional deployments of this type of secure environment. Because Anitian used native AWS automation and configuration features, the deployment, setup, and management of this environment were largely automated. Also, since WWT deployed on AWS and used AWS services, they could leverage AWS’s PCI certification service as well.

All of this reduced the administrative burden on WWT. It allows them to focus on developing their software and serving their customers.

Conclusion

Anitian’s AWS cloud architecture development will provide WWT with application testing and production features that provide scalability, security, and flexibility as the company grows its services. Housing application resources and Anitian’s full stack of security products in AWS will help WWT comply with PCI and streamline its business growth needs.

 


INDUSTRY:

Finance

 

THE CHALLENGE
Limited personnel and resources
High value data
Regulators demanding better security

 

THE SOLUTION
Conduct a full risk assessment
Quickly deploy security monitoring
Use automation to sift through data and spot any issues

 

SERVICES
Sherlock Cloud Security
Sherlock Managed SIEM
RiskNow Rapid Risk Assessment

A regional bank engaged Sherlock to provide managed security operations and threat hunting. This bank was growing rapidly. Leadership was deeply concerned about a breach and how it could jeopardize their business plans.

This client had a small IT department that was overtaxed on other projects. Existing tools were not providing effective defense. Moreover, regulators were pushing this organization to improve security after concerns from a previous audit.

Anitian began this engagement, like all our managed security engagements, with a RiskNow Rapid Risk Assessment. A team of analysts worked side-by-side with the client’s IT team to thoroughly review every aspect of their business. In about 10 days, we delivered a Business Risk Intelligence Report and Threat Matrix for the bank’s leadership. A copy of that same report went across the hallway to the Sherlock Cloud Security team.

While the RiskNow team was on-site, our Sherlock Cloud Security team deployed our innovative platform in AWS. Thanks to our sophisticated automation, the platform was fully up and running in about 2 hours. When the team got a copy of the RiskNow Business Risk Intelligence Report, they immediately went to work customizing and tuning the platform to focus on the threats this business faced.

In just a few days, the Sherlock Cloud SIEM had identified suspicious traffic. Our Sherlock Rapid Response team sprang into action. Forensics revealed the presence of sophisticated, persistent malware on a number of laptops. A foreign hacking group had targeted this bank.

Systems were cleaned and the malware eradicated from the environment. Fortunately, Sherlock was on the case in the nick of time to stop a breach before it ever happened.

While the client had an existing next-generation firewall and endpoint antivirus, neither of these products detected this malware. The Sherlock Managed SIEM and our team of threat hunters detected, tracked, and eradicated this malware.

THE BOTTOM LINE
Sherlock Cloud Security spotted, tracked, and stopped a breach before it ever happened.

 


 

INDUSTRY:

Retail

 

THE CHALLENGE
Stop criminal activity inside a large, high-profile company
Provide legal counsel and law enforcement reliable hard evidence
Avoid publicity as this was an insider threat

THE SOLUTION
Conduct focused network monitoring under the ruse of a penetration test
Get the suspects to reveal evidence in on-line “dark web” forums
Use a creative technical approach to recover deleted evidence

SERVICES
Sherlock Digital Forensics and Incident Response
Sherlock Breach Intelligence
vCISO
Ring.Zero Penetration Testing (for the ruse)

A large, global retail company engaged Sherlock to help with an extremely sensitive security issue.

Multiple individuals within the company were engaged in criminal activity. When this activity was discovered, the perpetrators attempted to erase evidence of their malfeasance. The company was deeply concerned about negative publicity and disruption to the business. While the activity was illegal, there was no direct threat to customer data or employees.

We had to perform a legally sound investigation discreetly, without disrupting business operations or attracting attention.

We conducted a sophisticated month-long investigation into the activities of the suspects. We staged a series of on-line counterespionage efforts to gather intelligence. In the process, we obtained irrefutable evidence of criminal activities, even after the perpetrators had attempted to delete it.

This company’s business operations remained unaffected as we disguised our efforts with a series of ruses and misdirection to avoid publicity. Ultimately, law enforcement and legal counsel were able to get a full confession from the suspects and resolve the matter. The investigation stopped millions of dollars’ worth of theft and abuse of company assets.

This company specifically chose us because they needed a team that could analyze not just computers, but also business processes, technical configurations, and organizational cultural issues. They needed the creative thinking of Sherlock.

THE BOTTOM LINE
You have never heard of this incident, and that was the point. The bad guys were caught, the issue resolved, and the company remained off the news and social media.
