Thu, Mar 28, 2024
An asset management company based in the UK sought to enhance security visibility across its hybrid infrastructure and allow its in-house IT team to shift focus from detection to remediation of threats. The company was acutely aware of the potential harm a data breach could inflict on its reputation and client relationships and wanted to minimize these risks while adhering to regulatory requirements, including those set forth by the Financial Conduct Authority.
Despite a long-standing commitment to cybersecurity, the company faced a challenge due to the absence of a dedicated security team. Consequently, it struggled to obtain a full picture of security events across its environments. The goal was to enhance its security capabilities to detect and respond to threats, a task unattainable with only its in-house resources.
Prior attempts with numerous security information and event management (SIEM) and endpoint detection and response (EDR) platforms proved unsuccessful. These tools failed to provide a cohesive or centralized view, as the alerts were scattered across disparate systems. The tools generated predominantly false positives and retained limited logs of activity, making it challenging for the in-house team to investigate historical incidents, analyze trends or conduct threat hunting.
After its dissatisfaction with multiple SIEM and EDR tools, the company recognized the need for specialized support from a Managed Detection and Response (MDR) provider. To ensure that Kroll Responder was the ideal solution for its security needs and would deliver the desired results, a proof of concept was conducted.
Kroll Responder offered the necessary network and endpoint technologies along with their invaluable expertise and a result-oriented methodology. Kroll’s global security operations center (SOC) teams tirelessly investigate and assess alerts around the clock, 365 days a year, offering actionable remediation advice for the in-house team to swiftly and effectively respond to incidents.
By seamlessly integrating Kroll’s threat management platform into Kroll Responder, the company successfully achieved a centralized and heightened level of visibility. All threat notifications now arrive within a singular, streamlined platform, eliminating the need to navigate across multiple technologies. Through the delivery of precise incident notifications, Kroll Responder significantly optimized the operational efficiency of the in-house team, ensuring focused investigation solely into alerts validated as genuine threats.
Our partnership with Kroll frees up our time and gives us the reassurance that our infrastructure and assets are being proactively monitored. We’re very pleased with the service we receive. Across the whole service, whether it’s the global security operations center (SOC) team or the program management team, Kroll looks after us very well.
Unified Visibility
Through the adoption of Kroll Responder, the company achieved a comprehensive and centralized view across its environments. This streamlined approach allowed the company's IT team to prioritize their focus, knowing that Kroll Responder verifies the authenticity of security alerts. Kroll's threat management platform further enables the company to comprehensively monitor its environments, manage security incidents and attain its desired security outcomes—all through a unified solution.
Enhanced Security Capability
Before partnering with Kroll, the company's small IT team lacked the capacity to respond to and assess the multitude of security alerts generated by the various detection technologies being tested. The support provided by Kroll's global SOC teams offers assurance that critical security events won't go unnoticed, ensuring swift and effective responses 24/7/365.
Greater Return from Security Tools
The company had previously invested in multiple security technologies but found that they were not delivering the desired value. Collaborating with Kroll has enabled them to maximize the effectiveness of these tools, ultimately achieving a better return on investment.
Historical Overview
Unlike the previous threat detection tool, which had limited historical data retention, Kroll stores and analyzes security logs and data for up to 12 months. This extended historical insight enhances threat detection and enables the observation of trends over a longer time frame.
Secure Cloud Migration
Kroll played a pivotal role in supporting the company’s transition from private to public cloud, ensuring service continuity and effective monitoring of both on-premises infrastructure and cloud-based services, including the monitoring of Microsoft 365.
The Latest Threat Intelligence
The company values Kroll's weekly Threat Intelligence updates, which provide the team with a clearer overview of the security landscape and the vulnerabilities that require prioritization.
Ultimately, by choosing Kroll Responder, Kroll’s award-winning managed detection and response (MDR) service, the business now benefits from an extended monitoring capability and additional expertise to identify and respond to security incidents faster and more effectively, 24/7/365.