GLOBAL MULTIMEDIA COMPANY
With more than 100 print publications, plus some 60 websites that attract 150 million digital visitors each month, this customer is one of the world’s largest and most respected media organizations. The company initially engaged Polyverse to secure an open-source distributed search and analytics engine. Located in the production area of the firm’s media division website, this technology lacked any kind of built-in security, and was therefore an attractive target for hackers.
Polyverse transitioned the system to a container-based architecture (a process that took less than an hour), then deployed two instances of our moving-target-defense solution in front of the search and analytics engine, constantly cycling how incoming HTTP requests are routed. This approach means that any attempt to breach the system has only a few seconds to succeed—making it essentially unhackable—while adding only a few milliseconds of latency.
The result is an immensely secure digital front-end for the company, with the added benefit of Polyverse’s monitoring and logging software producing customized metrics to measure and assess the system’s security in real time. The customer’s vice president of engineering subsequently noted that “Polyverse is a security game-changer for us.”
cloud networking COMPANY
This customer is a networking provider that uses cloud technologies to make networks easier to design, deploy and manage. It engaged Polyverse to ensure the cyber-integrity of its key cloud-enabled network-management solution, which centralizes the management, provisioning and monitoring of wireless networks without sacrificing distributed intelligence located at the edge of the network.
Before Polyverse’s technologies were deployed, security penetration testing was carried out by leading third-party experts with backgrounds at major U.S intelligence agencies. The testers were able to determine much about the internal structure of the customer’s technologies, associated APIs, certificates, and other data that would enable a hacker to infiltrate, analyze and compromise its solution.
Polyverse’s solution was then deployed, including the containerization and rapid recycling of the customer’s web-server and web-interface software—making it near-impossible for an attacker to establish a foothold in the system—together with binary code scrambling to thwart any attempt to leverage unknown or unpatched vulnerabilities.
Another round of penetration testing was conducted, with zero success. The tester noted that all attack paths had been mitigated, and that he could not gain any insight into the structure of the customer’s application that would enable a successful attack.
A government-sponsored organization, this customer is tasked with creating data-sharing partnerships across a range of federal agencies to deliver greater levels of situational awareness, and enable more accurate and timely decision-making. It handles a diverse array of classified and unclassified data. Polyverse was contracted to secure the organization’s principal risk-assessment and management application, which is used both internally and by its partner agencies.
The application targeted for securing via Polyverse’s moving-target defense (MTD) posed a number of challenges. It had been custom-developed by a now-defunct contractor, had no “out-of-the-box” components, and had been subject to a series of custom workarounds over the years. Consequently, its underlying code was not well-understood by the customer. Moreover, it ran on an obsolete operating system that did not support Docker, which Polyverse leverages extensively in its cybersecurity suite.
Because of this, at no additional cost we deployed our “concierge” team to work with the customer’s engineers to untangle the application’s code, identify potential security (and reliability) issues, and migrate key aspects of the system to a newer open-source platform. We were then able to containerize the application and deploy Polyverse MTD to secure it—a deployment that the customer is now eager to expand across other parts of its organization.