Partner Profile: Managed Services Provider (MSP) in Myrtle Beach, SC
Incident:
On the morning of Monday, July 1, 2024, an Overwatch MSP partner was reviewing the Overwatch Managed Cybersecurity tickets that had come in overnight, a daily routine. While there are usually only a few alerts per day, the partner noticed more than a hundred alerts from the Overwatch Managed Extended Detection and Response (MXDR) platform, all pointing to failed attempts to log in to their Secure Sockets Layer (SSL) VPN. This was suspicious on its own, but as the partner continued to investigate, they realized that the failed attempts were coming from IP addresses in Russia, a potential password spray attack.
Overwatch’s Solution:
Overnight and earlier that morning, Overwatch’s 100% U.S. onshore Security Operations Center (SOC) received alerts pointing to the attack. A SOC analyst reviewed these alerts to determine whether the detection was a genuine threat or a false positive. After confirming that the threat was real, the SOC analyst sent the tickets to the partner.
The Overwatch SOC began closely monitoring the tenant for any successful authentication attempts or other suspicious activity. The remediation strategy with this partner was preventative: after monitoring the activity, it was determined that Overwatch’s best course of action would be to identify the source IP addresses of the brute-force attempts and block them. Overwatch then verified that all VPN credentials were secure and had not been exposed in the recent breach.
Partner Response:
The partner quickly decided to shut down their SSL VPN, which mitigated the attacks. After taking this step, they saw only one further failed attempt. The team then investigated the incidents to confirm that nothing malicious had occurred and found that the failed attempts were just that: failed attempts. They then applied geolocation blocking to prevent Russian IP addresses from even reaching the SSL VPN login.
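Detection logic of the kind the SOC and partner applied above, as an added example that is not part of the case study or of Overwatch’s tooling: it parses constructed SSL VPN authentication log lines in a hypothetical format, flags sources that cycle through many accounts (the spray pattern), builds a block list from those sprayers plus any failing source outside the home country (the geo-block step), and reports any success that followed failures from the same source (what the SOC watched for). The GeoIP prefix map is a constructed placeholder for a real GeoIP database.

```python
from collections import Counter, defaultdict
import ipaddress
# Constructed sample of SSL VPN authentication log lines (hypothetical format, not from the case).
# Each line: "<UTC time> <FAIL|OK> user=<name> src=<ipv4>", already in time order.
SAMPLE_LOG = """\
2024-07-01T02:14:03Z FAIL user=jsmith src=203.0.113.10
2024-07-01T02:14:05Z FAIL user=mjones src=203.0.113.10
2024-07-01T02:14:07Z FAIL user=rlee src=203.0.113.10
2024-07-01T02:14:09Z FAIL user=admin src=203.0.113.10
2024-07-01T02:15:01Z FAIL user=jsmith src=203.0.113.11
2024-07-01T02:15:03Z FAIL user=mjones src=203.0.113.11
2024-07-01T02:15:05Z FAIL user=rlee src=203.0.113.11
2024-07-01T07:58:20Z FAIL user=jsmith src=198.51.100.5
2024-07-01T07:58:40Z OK user=jsmith src=198.51.100.5
"""
# Constructed stand-in for a GeoIP lookup (documentation prefixes only); use a real GeoIP DB in production.
GEO_PREFIXES = {"203.0.113.0/24": "RU", "198.51.100.0/24": "US"}

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for prefix, cc in GEO_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return cc
    return "??"

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        ts, result, user_kv, src_kv = line.split()
        events.append((ts, result, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]))
    return events

def analyze(log_text, home_country="US", spray_users=3):
    """Return spray sources, a block list, failures by country and any success after failures."""
    failed_users = defaultdict(set)        # src -> distinct accounts that failed from it
    failures_by_country = Counter()
    success_after_fail = []               # what the SOC watches for once a spray is under way
    for ts, result, user, src in parse(log_text):
        if result == "FAIL":
            failed_users[src].add(user)
            failures_by_country[country_of(src)] += 1
        elif src in failed_users:
            success_after_fail.append((ts, user, src))
    # Password spray: one source cycling through many accounts with few tries per account.
    spray_sources = sorted(ip for ip, users in failed_users.items() if len(users) >= spray_users)
    # Block sprayers plus any failing source outside the home country (the geo-block step).
    block_list = sorted(set(spray_sources) | {ip for ip in failed_users if country_of(ip) != home_country})
    return {"spray_sources": spray_sources, "block_list": block_list,
            "failures_by_country": dict(failures_by_country), "success_after_fail": success_after_fail}
```

The lone failure followed by a success from the home-country address is the legitimate-user typo case: it is surfaced for review rather than blocked, which is the distinction the SOC had to draw.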
Partner Testimony:
The partner uses Overwatch Managed Cybersecurity services as their primary source of managed threat detection and response, and acknowledged that without Overwatch’s MXDR they would not have caught these failed attempts, or not as quickly as Overwatch’s analysts and tools did. With MXDR in place, the login attempts were thwarted and the SSL VPN was not breached. Without Overwatch to alert them to these incidents, the partner would have spent money, time, energy, and resources recovering from the potentially disastrous effects of the attack: going through the triage process, analyzing and updating their backup solutions, and possibly even buying new hardware. When it came to preventing a breach, our partner said it all: “Overwatch alerting us was key.”
If Overwatch MXDR had not been in place, the partner would have been blind to these attempts against their SSL VPN. The attackers could have persisted until they guessed a correct password and gained access to the network, then sat inside it gathering intel on the partner. Ransomware could have been deployed, escalating the situation even further. With tools like MXDR and EDR (Endpoint Detection and Response), Overwatch partners can take a proactive approach to their cybersecurity posture.
How Confident Are You?
Even MSPs aren’t immune to cyberattacks; in fact, they are likely a bigger target because of their one-to-many client business model. Overwatch, a top MSSP leader, is truly the simplicity button for service providers facing their own technology and talent deficits: it’s hard to keep up with the latest technology and always have the best security practitioners to manage the tools and respond to alerts 24/7. If you are looking for a partner who can meet you and your clients where you are in your cybersecurity journey, with cost-effective and customized service, reach out!
Email: overwatchsales@highwirenetworks.com or learn more about Overwatch here.