One Article Review

Source AlienVault Lab Blog
Identifier 8444369
Publication date 2024-01-29 11:00:00 (seen: 2024-01-29 11:12:21)
Title Case study: Vertek's USM Anywhere MDR helps larger auto dealership in the northeast improve their Cybersecurity posture
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Challenges

A larger auto dealership in the northeast faced a number of cybersecurity challenges, including:

Lack of resources: The dealership did not have the in-house expertise or resources to manage its own security operations center (SOC). The lack of trained security experts resulted in slower response times to security incidents.
Multiple security solutions: The dealership was using a variety of security solutions from different vendors, making it difficult to manage and correlate security data.
Increased threat landscape: The dealership was facing an increasing number of cyber threats, including ransomware, phishing, and malware attacks.

Solution

The dealership engaged Vertek to implement their top-of-the-line Managed Detection and Response (MDR) service using AT&T AlienVault SIEM. Vertek's USM Anywhere MDR service provides 24/7 proactive threat monitoring, industry-leading threat intelligence, and expert incident response. It is built on top of the AlienVault USM Anywhere platform, which is a unified security management (USM) platform that combines multiple essential security capabilities in one unified console. The service easily integrates with the existing security stack and is implemented without interruption to existing operations.

Benefits

Since implementing Vertek's USM Anywhere MDR service, the dealership has experienced a number of benefits, including:

Improved security posture: Vertek's MDR service has helped the dealership improve its overall security posture by identifying and mitigating security vulnerabilities, and by providing the dealership with actionable security insights. Vertek's 24/7 SOC identifies and responds to security incidents with speed and accuracy using industry-leading threat intelligence.
Reduced workload and more effective allocation of resources: Vertek's MDR service has reduced the workload on the dealership's IT staff by freeing them up to focus on mission-critical tasks that fall in line with their core competency. Working with Vertek instead of building an in-house security team has resulted in significant cost savings for the dealership.
Improved peace of mind: Vertek's MDR service gives the dealership peace of mind knowing that their security is being monitored and managed by a team of experts with expert response to threats.

Specific example

Vertek was actively monitoring a customer's network for threats using their USM Anywhere MDR service. AlienVault SIEM detected a large number of failed login attempts to the customer's Active Directory server. Vertek's security team immediately investigated the incident and discovered that the attacker was using a brute-force attack to try to guess the passwords of Active Directory users.

Vertek's security team used context data in the form of network traffic, end-user behavior analytics, and NXLOGS output from their IT tools to understand the significance of the attack. They knew that the Active Directory server was a critical system for the customer, and that if the attacker was able to gain access to the server, they would be able to compromise the entire network.

Vertek also used threat intelligence from the MITRE ATT&CK Framework to understand the tactics, techniques, and procedures (TTPs) of the attacker. They knew that brute-force attacks were a common tactic used by ransomware gangs. Based on the context data and threat intelligence, Vertek was able to determine that the customer was facing a high-risk ransomware attack.

Vertek's security team quickly took steps to mitiga
Tags Ransomware Malware Tool Vulnerability Threat Studies
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.