Brazilian Labor Court protects highly sensitive personal and legal information with CyberArk

TRT8 Secures 2,500 Endpoints and 200+ Servers Following a Surge in Cyber Attacks Targeting the Brazilian Legal System

Summary

Tribunal Regional do Trabalho da 8ª Região (Regional Labor Court – 8th region – TRT8) located in Northern Brazil has experienced an unusually high volume of cyber attacks and so a plan was initiated to build a strong and robust Identity Security program using CyberArk.

The Portuguese version of the story can be found here.

Company profile

Tribunal Regional do Trabalho da 8ª Região (Regional Labor Court – 8th region – TRT8) is a judiciary body tasked with resolving employer and worker employment relationships in Northern Brazil. It adjudicates on issues related to employment such as workers’ rights, disputes and unions in the states of Pará and Amapá. The organization is located in Belém, the capital of Pará state.

Employees: 1,800

Challenges

In March 2022, the Ministry of Justice and Public Security in Brazil launched its Cyber Tactical Plan designed to quell the growing number and intensity of cyber attacks that the public sector, and judiciary in particular, were facing. Since the COVID-19 pandemic, cybercrime in Brazil has increased dramatically. This is reflected by the fact that cyber insurance in Brazil grew 40% in 2022, according to the Brazilian National Council of Insurers, and cyber security spending is expected to exceed $1 billion. This was of particular concern to the Tribunal Regional do Trabalho da 8ª Região (Regional Labor Court – 8th Region – TRT8) in Northern Brazil. The country’s Supreme Court of Justice and another regional judicial court had suffered repeated attacks because of lack of effective privileged access and security identity tools.

“The cyber attack landscape in 2019 and 2020 was chaotic, especially to judicial institutions. As a public organization, we are continuously on the lookout for new and more attacks,” said Marco Aurélio Rêgo, Information Technology Secretariat Director at TRT8. “We need to ensure quality of service to users, provide information security and business continuity, and maintain a secure and functioning IT structure that supports our business operations.”

The pressure was on for Rêgo and his small, four-strong information security team. Additionally, TRT8 had recently digitized its court case management system which meant that all information related to court procedures, including highly sensitive personal information about individuals involved in employment disputes, was now digital. Although TRT8 had developed a robust security strategy, securing privileged access to this sensitive data was one area that needed to improve.

TRT8 had little control over users and passwords with access to this information, and privileged access was decentralized for those who had it. It was difficult to enforce security information policies such as regularly changing and updating passwords; implementing policies such as changing passwords every six months was manual and time consuming. Endpoint protection relied on a basic anti-virus tool. If there was a virus or malicious attack and passwords or privileges were compromised, the attack could disseminate throughout the network and harm court operations.

“The impact of an attack or ransomware on data continuity would be devastating. Litigations would be disrupted, and lives of individuals severely affected,” stated Rêgo. “For me, cybersecurity is an endless cat and mouse game. We build a new defense, and the bad guys find a new way around it. But we are in the serious business of ensuring and protecting social welfare and justice, so we needed a solution that would give us the upper hand.”

Solutions

Using the Gartner Magic Quadrant to identify the leading players in the market, TRT8 conducted a public sector bid. CyberArk was chosen because of the company’s proven track record, quality and value for the money, despite other judicial organizations in Brazil using an alternative solution.

Using CyberArk, TRT8 has built up a strong Identity Security infrastructure using CyberArk Endpoint Privilege Manager and CyberArk Privileged Access Manager (PAM) Self-Hosted. With CyberArk PAM, TRT8 has centralized and automated control over access to over 200 servers by centrally managing privileged accounts and rotating passwords. CyberArk integrates seamlessly with Microsoft Active Directory to automatically monitor users mapped to TRT8 multifactor authentication servers. One feature that Rêgo particularly likes is the ability to automatically record behavior in user sessions to satisfy audit and compliance. Rêgo described this value as “the icing on the cake.”

CyberArk Endpoint Privilege Manager is deployed on all 2,500 endpoints, and provides solid endpoint security foundation, complemented by an anti-virus. This Defense-In-Depth approach allows to enforce least privilege on the endpoints, actively defend credentials stored within the operating system and third-party applications, provide reliable protection from ransomware, and maintain visibility and control over the entire endpoint infrastructure.

The solution was deployed using CyberArk Customer Success Manager and CyberArk Consulting Services, with support from IT Protect, CyberArk’s business partner.

TRT8 has already embarked on the next phase of its CyberArk solution with the purchase of CyberArk Conjur Secret Manager Enterprise. The organization will use it to secure credentials required by applications, scripts and other non-human identities.

Results

Because TRT8 has invested in the CyberArk solution, it quickly became one of the least vulnerable to attacks and one of the best protected regional justice organizations in Brazil. With privilege enforced and a centralized audit trail of privileged access, TRT8 is also better positioned to meet and comply with tough government data and identity protection regulations such as Brazil’s General Law of Data Protection.

One of the most important benefits of CyberArk has been saving many hours spent by the security team firefighting incidents and manually searching for and analyzing incident information, because the number of incidents dropped dramatically. It has freed up staff to work on more important, productive and added-value work. “The adoption of CyberArk has been crucial to TRT8 business operations. The solution delivers a big step in terms of quality and security of our IT services,” shared Rêgo. “We have a small security team, but now the team can manage that information, make decisions, investigate more when necessary or even act directly. We are less reactive and more proactive when it comes to our security information decisions.”

Access to the CyberArk ecosystem has been as important to TRT8 as the security technology. “We did not just buy a solution from CyberArk. We also invested in the partnership with CyberArk and its partner IT Protect,” said Rêgo. “Today, not only do we have the software; we also have monthly support and access to the knowledge, experiences and expertise that CyberArk offers.”

With CyberArk in place and providing a platform for continuously improving cybersecurity in the future, Rêgo believes TRT8 is better poised to operate safely and protect the community and employees it serves. “I have worked with labor justice for 21 years and I always say that this is not just individual justice, it is justice for all aspects of employment,” concluded Rêgo.

“We are here to guarantee the rights of every side of employment and the data we deal with has a huge social impact. This is why it was so important for TRT8 to invest in an effective and market-leading security tool like CyberArk.”
Marco Aurélio Rêgo, Information Technology Secretariat Director at TRT8

Key benefits

  • Makes TRT8 one of the best protected regional justice organizations in Brazil
  • Improves compliance with government data and identity protection regulations
  • Builds a strong and robust privileged access management and Identity Security infrastructure
  • Enforces least privilege and protects credentials on workstations and servers
  • Reliably defends amidst a surge in cyber attacks on the Brazilian legal system
  • Reduces time and effort spent firefighting security incidents and delivers ROI
  • Frees up staff to focus on more valuable, productive operations
  • Creates a stable foundational platform for improved cybersecurity in the future

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey