A regional bank engaged Anitian to provide managed security operations and threat hunting. This bank was growing rapidly. Leadership was deeply concerned about a breach, and how it could jeopardize their business plans.
This client had a small IT department that was overtaxed on other projects. Existing tools were not providing effective defense. Moreover, regulators were pushing this organization to improve security after concerns from a previous audit.
Anitian began this engagement, like all our managed security engagements, with a RiskNow Rapid Risk Assessment. A team of analysts worked side-by-side with the client’s IT team to thoroughly review every aspect of their business. In about 10 days, we delivered a Business Risk Intelligence Report and Threat Matrix for the bank’s leadership. A copy of that same report went across the hallway to the Sherlock Cloud Security team.
While the RiskNow team was on-site, our Sherlock Cloud Security team deployed our innovative platform in AWS. Thanks to our sophisticated automation, the platform was fully up and running in about 2 hours. When the team got a copy of the RiskNow Business Risk Intelligence Report, they immediately went to work customizing and tuning the platform to focus on the threats this business faced.
In just a few days, the Sherlock Cloud SIEM had identified suspicious traffic. Our Sherlock Rapid Response team sprang into action. Forensics revealed the presence of sophisticated, persistent malware on a number of laptops. A foreign hacking group had targeted this bank.
Systems were cleaned and the malware eradicated from the environment. Fortunately, Sherlock was on the case just in the nick of time to crack the case and stop a breach before it ever happened.
While the client had an existing next-generation firewall and endpoint antivirus, neither of these products detected this malware. The Sherlock Managed SIEM and our team of threat hunters detected, tracked, and eradicated this malware.
The Bottom Line
Sherlock Cloud Security spotted, tracked, and stopped a breach before it ever happened.