Malware Thwarted MDR Manufacturing Case Study


The Challenge

An employee at a manufacturing organization accidentally visited a fraudulent site and was served a malicious download disguised as a Chrome update. The download created a remote backdoor for the attacker, who used credential-dumping toolsets and attempted to move laterally within the environment as our Security Operations Center (SOC) team stepped in.

Our Solution

As a Pondurance Managed Detection and Response (MDR) client, this manufacturer’s environment is monitored 24/7 by our SOC. Our SCOPE platform ingested logs from the client’s Endpoint Detection and Response solution, which allowed our SOC team to detect the initial access and take immediate action. The team reported the malicious activity to the client’s security team and isolated the compromised endpoint before the attacker could take further action. Without our pre-established processes with the client and our ability to act quickly, the attacker could have penetrated much further. The attacker would have done tremendous damage to the business had he or she been able to compromise credentials and affect more endpoints.


Our Recommendations

  • Monitor your infrastructure 24/7 to quickly identify suspicious activity across the cloud, network, logs and endpoints.

  • Have an incident response plan and playbooks in place to be able to act immediately.

  • Perform user training related to downloading files from unknown or untrusted sources, as well as general cybersecurity awareness.

  • Run tabletop simulations to test internal systems against potential malware downloads.

  • Ensure that internal teams know how to appropriately respond to malware attacks.

  • Enable multifactor authentication to make it more difficult for cybercriminals to access accounts.

  • Regularly audit shared and service accounts for password strength and complexity.

Like our manufacturing client, you need to be prepared with a SOC team watching 24/7 to quickly detect bad actors in your systems.

The Benefits of Pondurance MDR

  • Stop security incidents through 24/7 detection and response.

  • Maximize internal resources and security investments.

  • Improve compliance through reporting.

  • Increase visibility into alerts that require action.

  • Rapidly accelerate security program maturity.

  • Lower total cost of ownership.


About Pondurance

Pondurance delivers world-class managed detection and response services to industries facing today’s most pressing and dynamic cybersecurity challenges including ransomware, complex compliance requirements and digital transformation accelerated by a distributed workforce.

By combining our advanced platform with our experienced team of analysts, we continuously hunt, investigate, validate and contain threats so your own team can focus on what matters most.

Pondurance experts include seasoned security operations analysts, digital forensics and incident response professionals, and compliance and security strategists who provide always-on services to customers seeking broader visibility, faster response and containment, and more unified risk management for their organizations.