Partner Profile: Managed Services Provider (MSP)
Requirements:
• Provide Overwatch security engineers and analysts to manage and monitor the network and mitigate attacks.
• Overwatch Managed Endpoint Detection and Response (EDR), powered by SentinelOne Complete, to monitor endpoints, detect suspicious behavior within the network, block bad actors’ activity, and assist in remediation efforts.
Solutions:
• Overwatch Managed Network Operations Center (NOC) and Security Operations Center (SOC) to detect, respond, and alert analysts who bring hands-on experience and expertise.
• An integrated Overwatch NOC/SOC that leverages cross-discipline skills and works as a centralized team to identify and resolve the security threat.
• Identify suspicious executables and alert security analysts through monitoring automations.
• Examine the hash to identify the executable as an “info stealer” attack.
• Quarantine and kill the executable according to protocol.
• Follow the Major Incident Management program, escalating to a senior SOC Tier 3 member and management.
• Place the executable in a “sandbox” isolated environment to confirm the location of the malware repository and confirm a true positive alert.
• Confirm the vulnerability within the client’s network while working alongside Overwatch.
• Supply the MSP partner with patch management to resolve the issue permanently.
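The triage sequence in the list above (hash lookup, containment, escalation, sandbox detonation, then a sweep of the rest of the environment) can be expressed as a small decision routine. The following is an added illustration, not Overwatch or SentinelOne code; the sample “executables”, the known-bad hash list, the family label and the escalation tier names are all constructed for the example, and in practice the hash intelligence would come from the EDR platform’s own threat feed.

```python
"""Hash-based triage of suspicious executables (added example, constructed data)."""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

# Constructed byte strings standing in for real PE files on disk.
STEALER_SAMPLE = b"MZ\x90\x00constructed-info-stealer-sample"
BENIGN_SAMPLE = b"MZ\x90\x00constructed-signed-vendor-tool"
UNKNOWN_SAMPLE = b"MZ\x90\x00constructed-never-seen-before"


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest, the identifier analysts look up against threat intel."""
    return hashlib.sha256(data).hexdigest()


# Constructed intel: hash -> malware family label (hypothetical label).
KNOWN_BAD = {sha256_bytes(STEALER_SAMPLE): "info stealer (constructed label)"}
# Constructed allowlist of hashes already vetted as legitimate.
ALLOWLIST = {sha256_bytes(BENIGN_SAMPLE)}


@dataclass
class TriageResult:
    path: str
    sha256: str
    verdict: str               # "known_bad" | "allowlisted" | "unknown"
    family: Optional[str]
    actions: tuple[str, ...]   # ordered response steps for the analyst


def triage_bytes(path: str, data: bytes,
                 known_bad: dict = KNOWN_BAD, allowlist: set = ALLOWLIST) -> TriageResult:
    """Decide the response for one file purely from its hash, in the page's order:
    contain first, then escalate to Tier 3, detonate in a sandbox, sweep the estate."""
    digest = sha256_bytes(data)
    if digest in known_bad:
        return TriageResult(path, digest, "known_bad", known_bad[digest],
                            ("quarantine", "kill_process", "escalate:soc_tier3",
                             "sandbox_detonate", "sweep_environment"))
    if digest in allowlist:
        return TriageResult(path, digest, "allowlisted", None, ())
    # Never-seen hash: not proof of malice, so detonate and let a lower tier review.
    return TriageResult(path, digest, "unknown", None,
                        ("sandbox_detonate", "escalate:soc_tier2"))


def triage_file(path: str, known_bad: dict = KNOWN_BAD,
                allowlist: set = ALLOWLIST) -> TriageResult:
    with open(path, "rb") as fh:
        return triage_bytes(path, fh.read(), known_bad, allowlist)


def sweep(root: str, known_bad: dict = KNOWN_BAD,
          allowlist: set = ALLOWLIST) -> list[TriageResult]:
    """Walk a directory tree and triage every file: the 'scan the entire
    environment for additional executables' step."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            results.append(triage_file(os.path.join(dirpath, name), known_bad, allowlist))
    return results


def summarize(results: list[TriageResult]) -> dict[str, int]:
    counts = {"known_bad": 0, "allowlisted": 0, "unknown": 0}
    for r in results:
        counts[r.verdict] += 1
    return counts


def demo_sweep() -> dict[str, int]:
    """Write the three constructed samples to a temp dir, sweep it, return counts."""
    with tempfile.TemporaryDirectory() as workdir:
        for name, data in (("stealer.exe", STEALER_SAMPLE),
                           ("tool.exe", BENIGN_SAMPLE),
                           ("odd.exe", UNKNOWN_SAMPLE)):
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(data)
        results = sweep(workdir)
        for r in results:
            print(f"{os.path.basename(r.path):12} {r.verdict:12} {', '.join(r.actions) or '-'}")
        return summarize(results)


if __name__ == "__main__":
    print(demo_sweep())
```

The point of separating “known_bad” from “unknown” is that a hash miss against the intel feed is not a clean verdict; the page’s own workflow still sends the sample to a sandbox and a human before closing the alert, and the sweep step is what turns one confirmed hit into confidence that the rest of the estate is clean.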
Summary:
Overwatch Managed Endpoint Detection and Response (MEDR) identified a suspicious executable and alerted security analysts to take action. The security analysts researched the threat and, by examining the hash, identified the executable as a known “info stealer” attack. The team immediately quarantined and killed the executable, then followed the Major Incident Management program and brought the incident to an Overwatch Senior SOC Tier 3 analyst and management. The team reviewed the logs and confirmed that the suspicious executable was indeed part of the “info stealer” threat, which had found a way inside this client’s network. The team put the executable into a “sandbox” environment, where they confirmed the location of the malware repository and thus confirmed that this was indeed a true positive alert.
Overwatch identified a vulnerability in the client’s network appliances. The team gave this information to SentinelOne, who confirmed the vulnerability and supplied the MSP partner with the patch that resolved the issue. The analysts scanned the entire environment for any additional “info stealer” executables to ensure the environment was clean. The MSP partner then patched the environment to resolve the issue permanently.
The combined Overwatch Managed NOC and SOC efforts enabled the team to use cross-discipline capabilities and data gathering to determine the problem that had infected the end customer’s system. This was the second time in just a few days that the combined managed network and security services aided in the resolution and overall positive outcome of an attack.
If you’re interested in delivering Overwatch Managed Cybersecurity and its team of security and network experts, contact us at overwatchsales@highwirenetworks.com.