Watch what happens inside our Security Operations Centre:
Organizations are facing more cybersecurity challenges today than at any time in the past. Digital transformation and new technologies introduce new risks, and conventional security practices are unsustainable. It’s clear that you need intelligent, integrated and automated security solutions to handle the ever-increasing volume of threats that can strike at any time. At Ward Solutions we have the people, the know-how and the technology to address those threats on a 24/7, 365 basis. Our next-generation managed security services assess, protect, detect and respond to security events that are happening in your network right now, in real time.
Let’s take a look inside and see how this works.
The SOC continuously monitors the threat landscape, looking for new and advanced threats and gathering security intelligence from a range of host, network security and cloud devices. Let’s talk to our SOC manager and see how we turn this data into actionable insights.
L1 Analyst: There’s a machine in the finance department trying to connect to a command and control server. It looks like we’re dealing with ransomware.
SOC Manager: Okay, show me that on screen and let’s run the ransomware playbook. Can I get a firewall block on traffic going to that server, and let’s get it isolated from the network.
L2 Analyst: Okay, putting that in now. The machine has been isolated and the user has been notified.
SOC Lead: Thanks. Can we get an incident response notification out to the client, please?
SOC Manager: Send the IOCs to the threat hunters so we can determine what happened here. Can we get a scan of that subnet using QVM?
L1 Analyst: Okay, sending now.
L3 Analyst: Got them! I’ll start hunting in Carbon Black, ruled by Watson as well. Yes, it looks like Petya.
L1 Analyst: I’ve run a scan and there are multiple machines vulnerable to CVE-2018-4878.
L3 Analyst: Yeah, it appears the vulnerability was exploited using the RIG exploit kit, which was then used to install the Petya ransomware.
L3 Analyst: Okay, I’ve done a scan on the remaining machines on the network and I can confirm the IOCs do not exist anywhere else.
SOC Manager: Well done, everyone. We stopped this one in time. Let’s take that alert level down.
SOC Lead: I have a call scheduled with the client in the incident room in five minutes.
Call with Client
SOC Lead: Just a quick update on your earlier incident: one of your machines in the finance department was infected with ransomware. It originated from a malicious email, which then installed an exploit kit that in turn installed the ransomware.
Client: Where are we at now, Orla?
SOC Lead: So the incident’s been closed and the ransomware has been blocked. We found the exploit and patched the vulnerable machines which could have been compromised. We’re giving some recommendations to your IT team, and the incident report will be with you shortly.
It’s clear that you can’t avoid every cybersecurity attack, but you must be able to deal swiftly with those that threaten your environment, and that’s where we come in: continuously monitoring your IT landscape, detecting and responding to those threats, and providing you with security and peace of mind. Managed security services from Ward Solutions.
Here is a high-level incident response plan: view.
If you would like to speak to our subject matter experts for further advice, call us: 1800 903 552 or e-mail us.