Case Study: Vertek’s USM Anywhere MDR Helps Larger Auto Dealership in the Northeast Improve Cybersecurity Posture
by Vertek Labs
A larger auto dealership in the northeast faced a number of cybersecurity challenges, including:
Lack of resources: The dealership did not have the in-house expertise or resources to manage its own security operations center (SOC). The lack of trained security experts resulted in slower response times to security incidents.
Multiple security solutions: The dealership was using a variety of security solutions from different vendors, making it difficult to manage and correlate security data.
Increased threat landscape: The dealership was facing an increasing number of cyber threats, including ransomware, phishing, and malware attacks.
The dealership engaged Vertek to implement its top-of-the-line Managed Detection and Response (MDR) service using AT&T AlienVault SIEM. Vertek’s USM Anywhere MDR service provides 24/7 proactive threat monitoring, industry-leading threat intelligence, and expert incident response. It is built on the AlienVault USM Anywhere platform, a unified security management (USM) platform that combines multiple essential security capabilities in one console. The service integrates with the existing security stack and is implemented without interruption to existing operations.
Since implementing Vertek’s USM Anywhere MDR service the dealership has experienced a number of benefits, including:
Improved security posture: Vertek’s MDR service has helped the dealership improve its overall security posture by identifying and mitigating security vulnerabilities, and by providing the dealership with actionable security insights. Vertek’s 24/7 SOC identifies and responds to security incidents with speed and accuracy using industry-leading threat intelligence.
Reduced workload and more effective allocation of resources: Vertek’s MDR service has reduced the workload on the dealership’s IT staff, freeing them to focus on mission-critical tasks that align with their core competency. Working with Vertek instead of building an in-house security team has resulted in significant cost savings for the dealership.
Improved peace of mind: Vertek’s MDR service gives the dealership peace of mind knowing that their security is being monitored and managed by a team of experts with expert response to threats.
Vertek was actively monitoring a customer’s network for threats using their USM Anywhere MDR service. AlienVault SIEM detected a large number of failed login attempts to the customer’s Active Directory server. Vertek’s security team immediately investigated the incident and discovered that the attacker was using a brute-force attack to try to guess the passwords of Active Directory users.
Vertek’s security team used context data in the form of network traffic, end-user behavior analytics, and NXLog output from their IT tools to understand the significance of the attack. They knew that the Active Directory server was a critical system for the customer, and that if the attacker was able to gain access to the server, they would be able to compromise the entire network.
Vertek also used threat intelligence from the MITRE ATT&CK Framework to understand the tactics, techniques, and procedures (TTPs) of the attacker. They knew that brute-force attacks were a common tactic used by ransomware gangs.
Based on the context data and threat intelligence, Vertek was able to determine that the customer was facing a high-risk ransomware attack. Vertek’s security team quickly took steps to mitigate the risk, including:
Implementing additional security measures to protect the Active Directory server including multifactor authentication (MFA) and enhanced account lockout policies.
Blocking the attacker’s IP address.
Educating the customer’s employees about phishing and password security best practices.
Vertek’s use of context data and threat intelligence allowed them to develop a complete picture of the customer’s cybersecurity posture and take proactive steps to mitigate the risk of a ransomware attack.
Vertek’s USM Anywhere MDR service using AT&T AlienVault SIEM is a comprehensive and affordable solution that can help businesses of all sizes to improve their cybersecurity posture and protect themselves from cyber threats. With 24/7 monitoring, real-time threat detection, and expert incident response, customers have peace of mind knowing their assets are protected by a world-class security solution.
“Vertek’s MDR service has been a lifesaver for our dealership. We were struggling to manage our cybersecurity on our own, and Vertek has given us the peace of mind knowing that our security is in good hands. Vertek’s team of experts has helped us to improve our security posture and protect ourselves from cyber threats.” – Auto Dealership in the Northeast
February 23, 2024
January 9, 2024