Partner Profile: Managed Services Provider (MSP)
Requirements:
• Visibility across the customers’ entire enterprise, identifying and neutralizing threats across the attack surface with
advanced response actions.
• Leverage Tier 2 and above Overwatch SOC analysts to bring expertise and hands-on remediation and monitoring.
• Provide an integrated 24/7/365 managed Overwatch Network Operations Center (NOC) and Security Operations Center
(SOC) to deliver monitoring, response, and remediation efforts for the partner’s clients.
Solutions:
• Actively engaged security analysts responded after hours to research exploits, pull audit logs from firewalls, and block
known TOR exit nodes in the firewall to mitigate the attack.
• An integrated Overwatch NOC/SOC leveraged cross-discipline skills and worked as a centralized team to identify and
resolve the security threat.
• Overwatch Managed Extended Detection and Response (MXDR) stepped in to immediately detect and respond to the
attack and alert Overwatch security analysts.
• The incident was processed through an automated solution and process, so that analysts could respond quickly
and appropriately.
• Worked with the MSP partner to reconfigure firewall policies within FortiGuard to prevent future TOR traffic within the network.
Summary:
The Overwatch Managed Extended Detection and Response (MXDR) platform managed by Overwatch SOC detected
that incoming connections had breached several different IP addresses on the end customer’s network. Overwatch’s enhanced
data gathering capabilities gave the analysts a bigger picture: these connection attempts came from
locations that had recently exploited Fortinet appliances.
The timing was critical for the partner and their client. The incident occurred after hours when teams would have been
done with their workday. However, because the SOC is 24/7/365, Overwatch analysts were actively engaged with no delays.
By having an integrated N-SOC, Overwatch analysts brought cross-disciplined skills and worked as a centralized team to
identify and resolve security threats, without the isolation that comes from having the two services separated.
With the TOR exploits suppressed and the exit nodes shut down on the firewalls, the MSP partner and their client stopped
the probing of their network by bad actors and kept their infrastructure safe.
If you’re interested in partnering with Overwatch Managed Cybersecurity, contact overwatchsales@highwirenetworks.com.