The Pondurance Security Operations Center (SOC) team works 24/7 to monitor, prevent, detect, investigate, and respond to cyber threats around-the-clock. Whenever we receive an alert, the team immediately goes to work to validate and determine the severity of the incidents. We act as an extension of our clients’ security teams or as their only security team with our eyes on the glass when they need it the most. Below are a few of the phishing incidents we’ve seen over the past few months:
One of our Managed Detection and Response (MDR) clients experienced our team’s swift response when the client’s employee mistakenly interacted with a phishing email that caused the initial download of a JavaScript file. Fortunately, our analytics detected the chain of associated events and generated an alert based on visibility across the client’s environment. This allowed us to catch the bad actor before any real damage could be done. We called our client immediately and stayed on a conference line with our contacts there until they were able to isolate the host and begin investigating. We acted as another set of eyes for our client and involved our highly-skilled Incident Response team to further investigate the incident.
Another client experienced a foreign login on an account. Our SOC team saw a user enter company credentials on a Microsoft Office phishing site and we immediately notified the client. Shortly after the foreign login, we detected a new inbox forwarding rule created for that account. We alerted the client immediately and asked the user to completely log out of all applications and devices. We forced a password reset on the account and stopped the foreign login from further access. The bad actor could have dug into this client’s systems and stolen data if these steps were not taken.
Another client faced a significant risk when multiple users fell for phishing attacks. We detected this by continuously monitoring network data and identifying the IPs of all compromised users. We used the client’s current endpoint detection and response software to look for connections to the phishing site. We identified which users were connected to the phishing event and which browsers they were using. We then exported this information and provided it to the client. The client was able to quickly reset credentials for all compromised users and prevent a ransomware attack.
Our clients benefit from our MDR service, a comprehensive 24/7 managed security service that applies a dynamic defense methodology, protecting clients from today’s and tomorrow’s cyber threats. We provide 360-degree visibility into our clients’ environments, removing blind spots to their endpoint, network, log, and cloud environments. Our highly skilled analysts, threat hunters, and incident responders detect and respond to threats while providing guided recommendations tailored specifically to an organization’s cybersecurity needs. Learn more about MDR in our eBook 5 Things To Consider When Choosing an MDR Vendor.
