This Fortune 100 pharmaceutical company has tens of thousands of employees in a mix of full-time, contract and subcontractor roles. The company produces intellectual property that has high value to nation-state attackers, but it needs to balance locking down security with business velocity.
Note: Elevate respects that some of our customers prefer not to publicly state which security vendors they use. As such, we have removed the client's name and anonymized specific details in this case study.
- Protect highly sensitive intellectual property from compromise while balancing business speed
- Embed Elevate’s threat intelligence into other systems and give employees feedback
- Complement the current SIEM/UEBA solution to not only identify bad actions but also orchestrate responses that prevent bad outcomes
- Visibility into company, department and individual key risks that may lead to breaches
- Out-of-the-box recommendations based on key insights from data
- NIST-based playbook automation that allowed precision in proactive response and controls
At the heart of the challenge this Fortune 100 pharmaceutical company was facing was the question, "How do we protect our company IP from sophisticated attackers while still enabling the company's scientists and others to operate at maximum safe speeds in an environment where time to market is critical?"
Balancing these two realities required a solution that truly understood the individual risk profile that every user (full-time, part-time, and sub-contractor) presented to the business and which specific risks were present, along with a way to automate enabling the right level of protection to help the security team stay ahead of incidents and breaches.
Recent data breach estimates for the pharmaceutical industry peg the average cost of an intellectual property breach in the millions, so getting this balance right is critical.
Going Beyond Insider Threat
The security team had already implemented SIEM, SOAR and Insider Threat tooling, but found that it was reactive by design. It helped when responding to incidents, but lacked insights to help the team be proactive when addressing risks and defending the organization.
While Insider Threat was and still is a worry, an analysis of the organization's insider risk profile revealed that the team could mitigate and prevent the activity of sophisticated attackers targeting their workforce and contractors. Given this refined look at the organization's actual threats, moving towards a broader view of Insider Risk was a high priority to better prevent account takeover attacks and data loss threats.
This is where Elevate Security stepped in. Elevate Security helped the organization understand every user's actions, access, how frequently they were being attacked, and the controls that were in place to protect them. With this new data view, the organization could not only gain visibility into their true risks, but take immediate action on them through the Elevate Security platform.
Finding Value Quickly - Expanding Across the Organization
The initial deployment included a small subset of the organization. Very quickly the security team realized the power of the platform and the user risk profiles available to other tools. This enabled the team to implement a series of small deployments across a number of departments. After their initial success, and upon seeing the insights and value other customers had received from the Elevate platform, they decided to expand globally across the entire organization in less than six months.
Some of the outcomes Elevate customers have seen are:
- 82% reduction in malware/ransomware and account takeover incidents
- 55% improvement in risky security decisions being made
- 47% increase in the detection of attacks targeting employees
Productive Workforce, Secure Business
The organization finally had a solution that went beyond their traditional program of one-size-fits-all controls and reliance on detection to catch threats fast enough. The Elevate Security platform enabled the security team to pinpoint where key business risks were and which users represented that risk, and gave them the tools to enable maximum safe speeds for the business. Users who were riskier were given tighter security controls and policies, and those who were less risky were given more freedom.
In the end - a win-win for the security team and the business!