Overwatch Security 24/7 Monitoring and Response alerts the client about the malicious attack.
A Managed Services Provider (MSP) out of California, whose network is monitored by the Overwatch Security Operations Center (SOC) based out of Batavia, Illinois, is open and in business today, and not recovering from a ransomware attack, thanks to Overwatch's comprehensive cybersecurity solution and 24/7 detection and response.
Overwatch security analysts alerted the client about suspicious email activity coming from a computer on the client's network. After running several scans on the host machine, the client detected 130 threats and determined that 35 of them were serious enough to warrant immediate removal to prevent further infection, deeper penetration, or further reconnaissance of the host machines. Upon investigating, the client discovered suspicious BitTorrent traffic. BitTorrent is widely known as a source of illegal content, and attackers often use it to deliver malware and ransomware.
The client traced the threats to a remote worker's desktop and immediately shut down her computer, disconnecting it from the rest of the network. Subsequently, the client scanned all of its systems to check whether the bot had replicated or other assets had been compromised. The client learned that no user was logged on to the system at the time of the alert, indicating that Overwatch had likely interrupted an attack in which a malicious bot was downloading itself in an effort to spread across the network and exfiltrate data.
“Overwatch gave us visibility to eradicate the threat,” said Chad O., the client's services manager. “They reacted quickly to help us stop it. The attack did not spread.”
The client believes that, had Overwatch not caught this in time, the recovery would have been extremely time-consuming and costly, and even more debilitating if it had turned out to be ransomware.
Chad added, “The Overwatch alerts saved us a lot of pain. I suspect this would have turned into something big and unchecked because of our remote workforce.”
As for the infected computer, only pertinent company data was moved to an isolated hard drive; the rest of the desktop was wiped clean. The employee received a newly installed and updated OS.
Overwatch’s comprehensive cybersecurity solution and 24/7 detection and response.
Overwatch 24/7 combines state-of-the-art Extended Detection & Response (XDR) technology with the Overwatch 24/7 SOC to effectively cut through the noise and drill down on real threats. Overwatch 24/7 relies on comprehensive, pervasive data collection, big-data processing, and artificial intelligence to uncover relevant, actionable data for effective threat detection and response. Armed with relevant data, Overwatch SOC analysts are able to respond to attacks and stop them at critical points along the kill chain 24/7.
To learn more about Overwatch Security 24/7, email the team at overwatchsales@highwirenetworks.com or call 630-635-8477.