
Threat Detected at an Engineering Company in Minutes

Stories from the SOC


When cyber threats strike, every second matters. In our latest SOC story, we’re showcasing how eSentire’s 24/7 Security Operations Center (SOC) Analysts and Incident Handlers protected an Engineering and Consulting firm customer by responding to and remediating a critical threat before it disrupted their business.

The attack began with a suspicious remote desktop connection from an admin account to a server in the customer’s environment. Our SOC Cyber Analysts observed the threat actor adding Microsoft Defender exclusions to bypass protection and deploy malicious tools.

In response, our team:

  • Isolated the impacted server immediately to prevent lateral spread.
  • Contained the threat and alerted the customer by phone within 14 minutes of detection.
  • Disabled the compromised admin account and provided guided remediation, including resetting user credentials and verifying MFA configuration.
  • Investigated the intrusion vector by analyzing firewall logs and identifying potential vulnerabilities in a SonicWall appliance.
  • Conducted a complimentary Dark Web Monitoring scan to determine if compromised credentials were being exploited.
  • Discovered evidence of a DCSync attack, where the threat actor had likely replicated Active Directory information.
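Two of the indicators in this story, Defender exclusions being added and a DCSync replication request, both leave traces in standard Windows event logs. The following is an added detection example written for this page, not eSentire's own tooling: it triages a few constructed events, matching the Defender Operational log's event 5007 (configuration change) for writes under the Exclusions registry key, and the Security log's event 4662 for the replication extended rights requested by a DCSync when the requester is not a known domain controller. Event formats and the account names are assumptions for illustration.

```python
import re

# Well-known AD extended-right GUIDs that a DCSync requests (Get-Changes / Get-Changes-All).
DCSYNC_GUIDS = {"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2", "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"}

# Registry subtree written when a Defender exclusion is added; event 5007 reports the new value.
EXCLUSION_RE = re.compile(
    r"New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(?P<kind>Paths|Processes|Extensions)\\(?P<value>.+?) = ", re.IGNORECASE)

# Constructed sample events (assumption: fields already parsed out of the event XML).
SAMPLE_EVENTS = [
    {"id": 5007, "msg": r"Windows Defender Antivirus Configuration has changed. "
                        r"New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Tools = 0x0"},
    {"id": 5007, "msg": r"Windows Defender Antivirus Configuration has changed. "
                        r"New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates\ASSignatureDue = 0x4"},
    {"id": 4662, "subject": "CORP\\svc-backup", "object_type": "domainDNS",
     "properties": "Control Access\n\t{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}\n\t{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"id": 4662, "subject": "CORP\\DC01$", "object_type": "domainDNS",
     "properties": "Control Access\n\t{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
]

def defender_exclusion_added(event):
    """Return (kind, value) when a Defender 5007 event records a new exclusion, else None."""
    if event.get("id") != 5007:
        return None
    m = EXCLUSION_RE.search(event.get("msg", ""))
    return (m.group("kind"), m.group("value")) if m else None

def dcsync_suspected(event, dc_accounts):
    """Flag a Security 4662 event requesting replication rights from a non-DC account."""
    if event.get("id") != 4662:
        return False
    if event.get("subject", "").upper() in {a.upper() for a in dc_accounts}:
        return False  # domain controllers replicate with each other legitimately
    guids = re.findall(r"\{([0-9a-f-]{36})\}", event.get("properties", ""), re.IGNORECASE)
    return bool({g.lower() for g in guids} & DCSYNC_GUIDS)

def triage(events, dc_accounts):
    """Run both checks over a batch of events and return a list of findings."""
    findings = []
    for e in events:
        excl = defender_exclusion_added(e)
        if excl:
            findings.append(("defender_exclusion", excl[0], excl[1]))
        if dcsync_suspected(e, dc_accounts):
            findings.append(("dcsync", e["subject"], e.get("object_type", "")))
    return findings
```

In a real deployment the domain-controller allow-list would come from the directory rather than a hard-coded list, and the exclusion rule should also alert on the PowerShell or MpCmdRun activity that produced the change.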

This attack, which could have escalated to a ransomware incident, was contained and remediated through our expert response capabilities. Beyond alerting the customer, our SOC and Incident Handling teams delivered actionable insights and full remediation guidance to secure our customer’s environment and prevent business disruption.

Join Brandon Stencell, Manager, SOC Incident Handling, to learn how our rapid response and remediation capabilities helped protect the customer’s organization against a potential ransomware attack. Learn why our people set us apart, delivering not just alerts, but the trusted response and remediation you need.
