One of the largest pharmaceutical companies in the world, headquartered in Switzerland, has products available in 155 countries and employs approximately 110,000 people worldwide. The company is a proven leader in investing in research and development, and, in 2020, was ranked in Fortune magazine’s Most Admired Companies Pharmaceutical Industry list.
This global pioneer has been utilising IntSights for the last two years in various capacities, including detection and remediation of data exposure on GitHub repositories, phishing domains, and rogue applications associated with various brands. The company receives hundreds of thousands of Indicators of Compromise (IOCs) every day, and, in a month, that number climbs into the millions. When the company was looking for a solution to manage all of these IOCs in one place, it again turned to IntSights.
The challenge
Although the company is a large organisation with hundreds of analysts, it was simply too time-consuming for the Security Operations Centre to manually correlate the daily deluge of IOCs. A threat intelligence researcher for the pharmaceutical company had to find a way to efficiently investigate and manage every single occurrence.
“If you want to get a better idea of who is targeting you, where they are targeting you, and whether they are successful or not, you have to correlate the data,” the researcher said.
Another pain point for the company was not being able to extract all the valuable information from every IOC. Aggregation and integration with Splunk for analysis proved to be the logical solution. “It became a serious necessity for us to get a hold of these IOCs using the IntSights platform and through Splunk, where we have all of our logins for different security controls, firewalls, email gateways, and endpoint detection and response (EDR) tools. The IntSights app for Splunk just made sense for us.”
IntSights application for Splunk
The IntSights Application for Splunk is a unique bidirectional integration that correlates, enriches, and manages organisation-specific vulnerabilities, and offers the ability to easily conduct comprehensive, IntSights-driven investigations inside Splunk.
Installing the application was fast and easy, and, after a bit of customisation, the company was able to start leveraging the solution immediately as the correlation process became automated.
“We started to see the information we never had a chance to look at previously,” the researcher said. “We had actual matches and hits, and we knew where they happened and whether it was our email gateway or a domain. The application truly answered our need to have all the IOCs managed in one place. We now have a great dashboard where we can see the severity of the IOC as well as the context, which is very important.”
Easy to understand and saves time
The greatest benefit IntSights delivers to one of the largest pharmaceutical companies in the world is the amount of time it saves analysts by providing vital context and automating the IOC process. Reporting capabilities have also been enhanced.
“IntSights makes it so much easier for us to report to leadership and to develop security controls based on what we’re seeing. Now we have a very defined and easy-to-understand dashboard where all the IOCs are presented, so it’s easier to manage and analyse.”
The company continues to adopt new ways to utilise IntSights, including conducting deeper dives into the organisation's overall threat level and risk exposure.
