The problem
With offices in 38 countries and more than 16,000 employees, this large financial institution served a wide range of unique clients, including extremely wealthy individuals and foreign governments. Nearly all of the expansive amount of information they held on their system was highly sensitive: bank account numbers, private corporate financial data, even home addresses for billionaires and international celebrities. Naturally, ensuring the system’s security was impenetrable was top priority. So, when a routine penetration test revealed that a public-facing app was highly vulnerable to a structured query language injection (SQLi) attack, there was no time to waste.
In these types of attacks, hackers manipulate databases to reveal the most sensitive types of information. In a worst case scenario, the hacker could even gain administrative rights to the database—a scenario the financial institution had to avoid in order to protect their customers, and themselves. It was clear that an institution of their size, boasting a roster of clients with very large bank accounts, was an irresistible and incredibly lucrative target. They knew an attack was imminent. And, they knew RedShield could save them.
The solution
In less than a day, RedShield produced an application shielding plan to protect the financial institution’s system from SQLi attacks. The solution transformed all user input to text, disarming an attempted attack. At the same time, it wouldn’t block any legitimate users.
The results
A third-party security expert conducted penetration testing, and confirmed that the RedShield approach was effective. A second expert even attempted to simulate an attack, and failed miserably. RedShield successfully completed a full deployment, and the financial institution, their customers, and their livelihood were all protected.
Once again, RedShield was ahead of the hackers—way ahead.
Today, RedShield continues to stand guard:
- Monitoring the firm’s tools and systems 24/7
- Auditing the application defenses weekly
- Responding to any customer queries or application updates
- Delivering monthly analyst reports
“RedShield responded with the speed and accuracy that we needed. Dual confirmation from security audit companies has given us confidence in their shields. The fact that no customers can be blocked by mistake is also a bonus, and something I was not aware was possible before this engagement.”
— Financial Institution Executive
