Thu, Apr 4, 2024
A prominent logistics company was in the midst of implementing its Endpoint Detection and Response (EDR) solution to gain insights into the volume of alerts it received round-the-clock. The primary objective was to assess the alert landscape before making further enhancements to its cybersecurity strategy. As part of this evaluation, the company reviewed its alert management processes. Despite having a 24/7 response team, the team was not exclusively dedicated to security operations. Consequently, the company sought a cost-effective means to scale up the team's capacity and expertise.
During the rollout of the EDR solution and the discussion surrounding out-of-hours alert management, the company was hit with a ransomware attack. In response to this critical situation, Kroll was appointed as a digital forensics and incident response partner.
Kroll's Incident Response team worked quickly with the company to contain the threat, prevent further damage, and investigate the events that preceded the attack. Simultaneously, Kroll implemented its managed detection and response solution, Kroll Responder, ensuring 24/7 threat management while aligning with the company's overarching security strategy.
This proactive approach allowed the company to swiftly transition from crisis mode back to business-as-usual operations. With unanimous agreement on the success of the recovery efforts, the company was keen on retaining Kroll Responder’s 24/7 security monitoring capabilities and leveraging the other security improvements. Consequently, the next step involved creating a transition plan to seamlessly migrate to the company’s endpoint detection and response solution, as initially intended prior to the ransomware incident.
Kroll’s hybrid, collaborative partnership model provided our client with a high degree of control and visibility, all while maintaining 24/7 support.
Seamless Incident Response Support
Kroll's rapid incident response, facilitated by its global network of certified security and digital forensics experts, effectively managed and mitigated the ransomware attack, enabling the company to quickly restore its operations.
Comprehensive Attack Analysis and Recovery
Kroll's digital forensics experts analyzed the ransomware attack to quickly and safely uncover critical information to aid recovery. This enabled their client to gain a comprehensive understanding of the vulnerabilities that may have led to the attack, highlighting critical areas for improvement, and enhancing its resilience against future attacks.
Actionable Threat Intelligence
The company benefits from the intelligence Kroll gains through responding to 3,000+ incidents annually, drawing insights from a diverse range of events, clients, sources and experts. This continually updated threat intelligence, channeled back into its triage, helps to inform their client’s in-house team and enhances detection capabilities.
360-Degree Threat Visibility
The company now has continuous and comprehensive threat visibility. Kroll Responder’s tech-agnostic approach allows this intelligence to fuel detection and build a more resilient, integrated organization, from Security Information and Event Management (SIEM) and EDR to vulnerability scanning and behavioral monitoring.
Maximize In-House Security Team
Kroll Responder’s 24/7 monitoring capabilities have optimized our client’s in-house security team, allowing them to focus on intricate or challenging systems. The company’s security team now benefits from real-time threat intelligence provided by Kroll’s world-class analysts, eliminating the need to recruit and sustain an in-house, after-hours security team.
Alongside this, regular service reviews, an integral part of Kroll Responder MDR, keep their client well-informed about their risk profile and status. Kroll provides a vital checkpoint while simultaneously alleviating administrative responsibilities.
Enhanced Cyber Resilience
The valuable insights gained through Kroll’s incident response and post-incident investigation, combined with the ongoing monitoring and threat intelligence provided by Kroll Responder, better position their client to defend against ransomware attacks and other cyber threats in the future, ultimately creating a stronger foundation for the company’s ongoing cybersecurity strategy.