“I want to truly understand how good my cybersecurity program is,” says John Shaffer, CIO of Greenhill & Co., a leading investment and financial advisory firm with 15 offices worldwide. For the past 17 years, Shaffer has overseen the infrastructure and security that keeps Greenhill running and secure.
Maintaining an up-to-date picture of Greenhill’s global attack surface was a constant challenge for Shaffer and his team.
As Greenhill evolves, shadow IT and the potential for blind spots, misconfigurations, or gaps in the security program were of increasing concern. As the threat landscape changes and the security program advances, the fundamental question remains: “How effective is our security program at protecting what is most important to Greenhill?”
Shaffer was looking for a solution that would not only reveal weaknesses and validate existing investments, but train and challenge Greenhill to elevate its security program.
Starting from a single email address, Shaffer’s team used IBM Security® Randori Recon software to surveil Greenhill’s external attack surface and find systems the team didn’t know were exposed to the internet. With the help of Randori Recon’s prioritization engine, Target Temptation, the team patched, reconfigured and deployed new controls to protect their most tempting targets.
Then, it was time to move beyond models to the real-world with IBM Security Randori Attack Targeted software. Shaffer authorized the software to automatically attempt critical objectives, such as accessing sensitive file shares hosted on Greenhill’s internal network. Emulating an authentic adversary, the Randori Attack Targeted platform gained initial access by executing an exploit for an undisclosed vulnerability on the company’s perimeter infrastructure.
The scenario allowed Greenhill to train an “assume compromise” scenario. When facing new exploits, misconfigurations or stolen credentials, patching isn’t a way out: teams must effectively detect and respond. This requires the right products deployed effectively, the right set of incident response processes and a team experienced in execution. The goal of the Randori Attack Targeted platform is to train and optimize these defenses.
With authorization in place, the Randori Attack Targeted software pivoted through controls to achieve persistence and lateral movement—creating an opportunity to exercise Greenhill’s detection and response capabilities. At each stage in the kill chain, Shaffer had visibility into executed actions and which defenses worked successfully, and which did not. This revealed the need for increased reporting at key points in the network, and the optimization of detection rules in the company’s SIEM solution. With changes in place, the team ran it back with the Randori Attack Targeted solution to confirm implementation and reduce “time to contain.” But that wasn’t a stopping point. The Attack-Defend process is continuous—the Greenhill team receives notifications from the solution as their attack surface changes and can test against new and emerging attacker techniques.
With the combination of Randori Attack Action Reports and Randori Recon Target Temptation, Shaffer can measure efficacy—what’s working, what’s not—and better invest across his security program. “Seeing authentic attacks on our network gives me a powerful narrative to share with leadership,” Shaffer says. “I can validate what’s working and build up my team.” Through the adoption of a unified offensive security platform, Greenhill is able to act faster, drive team efficiencies and extend its security expertise.
Greenhill (link resides outside of ibm.com) is a leading independent investment bank focused on providing financial advice globally on significant mergers, acquisitions, restructurings, financings and capital advisory to corporations, partnerships, institutions and governments. Headquartered in New York City, Greenhill employs 400 people and has offices across North America, Europe, and Asia-Pacific, and an alliance partnership in Israel.
Legal
© Copyright IBM Corporation 2023. IBM Corporation, IBM Security, New Orchard Road, Armonk, NY 10504.
Produced in United States of America, July 2023.
IBM, the IBM logo, ibm.com, and IBM Security are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark.
Randori is a trademark of Randori, an IBM Company.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client's systems and services ordered. THE INFORMATION IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.