Tl:DR: A Large U.S. university lacked sufficient visibility into a large segment of its environment due to students' use of personal devices on university-owned networks. With an inability to use endpoint agents, the university turned to SSP to improve their network visibility, in turn discovering the presence of malware originating from a student's device.
Network detection and response (NDR) is a critical component of a comprehensive cyber defense strategy, monitoring and analyzing network traffic to identify and thwart malicious activities that traditional security measures may miss. Using a combination of automated detection algorithms, incident investigation, and threat-hunting tools, NDR enables organizations to proactively detect, investigate, and respond to threats that pose a risk to network infrastructure.
At Stamus Networks, we have enjoyed the privilege of working closely with a diverse range of organizations around the world. During our deployments, we have witnessed remarkable success stories. In each example, NDR has played a pivotal role in safeguarding networks, mitigating attacks, and minimizing the impact of security incidents.
Our ebook “In the Trenches with Network Detection and Response: Real World Success Stories” shares many of our success stories, but we wanted to share some of these stories here on the Stamus Networks Blog.
Each story provides a quick example of how NDR achieves one or more of the following three use cases:
- Threat Detection and Response
- Network Visibility and Incident Response
- Threat Hunting
The following story is that of a large United States University, and how the Stamus Security Platform (SSP) was able to leverage increased network visibility to discover the presence of a crypto wallet stealer infecting a student’s device on their public network.
How can NDR help universities?
Network Detection and Response (NDR) can help universities by providing visibility into environments where endpoint detection is not feasible. This is seen in the example of a large American university, and its experience during a proof-of-concept (POC) assessment of SSP.
The Challenge:
A large U.S. university lacked sufficient visibility into student activities due to the high number of unmanaged personal devices using the university’s public networks. Because students primarily use personal devices, endpoint detection is virtually impossible, leaving the university vulnerable to malicious traffic originating from those devices.
The Solution:
The university began a POC with the Stamus Security Platform, deploying probes on internet traffic across several of their networks. They soon received a notification from the Multi-State Information Sharing and Analysis Center (MS-ISAC) that an IP address belonging to the university was discovered as part of a malware attack. Using SSP, the university was able to investigate the claim, filter through traffic to find the malware, and ultimately determine that there was indeed evidence that the ViperSoftX crypto wallet stealer was communicating with their network through a student’s device.
The Outcome:
The university was able to block the traffic, preventing the malware from moving elsewhere on the network. Further review showed that this malware traffic was picked up by SSP and a Declaration of Compromise™ (DoC) was issued before MS-ISAC notified them, so the university would have still had the same outcome even without the tip. Unfortunately, they were unable to determine whether the student was affected by the malware, but the university was still pleased to see this type of traffic without the use of EDR agents.
What is the Stamus Security Platform?
The Stamus Security Platform (SSP) is a broad-spectrum, open network-based threat detection and response (NDR) system, delivering actionable network visibility and threat detection with:
- Greater visibility and evidence
- More complete detection
- Response-ready notifications
- Extensible threat intelligence
- Straightforward integrations
- Immediate results
Stamus Security Platform is trusted by some of the world’s largest organizations, including government CERTs, central banks, insurance providers, managed security service providers, financial service providers, multinational government institutions, broadcasters, travel and hospitality companies, and even a market-leading cybersecurity SaaS vendor.
Like these organizations, your organization could likely benefit from including Stamus Security Platform in your cybersecurity strategy.
To learn more about SSP, visit us at www.stamus-networks.com
To stay updated with new blog posts from Stamus Networks, also make sure to subscribe to the Stamus Networks blog, follow us on Twitter, LinkedIn, and Facebook, or join our Discord.
