When a government agency known for investigating criminal activity tells you hackers may launch a major cyber attack against your company, the organization’s security team usually takes the warning seriously. Without context, though, such an alert could prove to be nothing more than a phantom threat.
A large software company found itself in this situation and turned to Cybereason to help it figure out if its defenses had been compromised. The government agency told the business its name had appeared in several hacker forums and that the organization could possibly be the target of a DDoS attack. The agency also gave the company a list of 2,000 potentially malicious IP addresses and recommended that the business block all traffic from those addresses.
The customer complied with this suggestion and also reviewed firewall logs to see if employees had previously visited the potentially malicious sites. This search revealed that some traffic had been coming from a subset of the questionable IP addresses.
Fearing they had been compromised, the company wanted to investigate these incidents. Since the company’s small security team lacked the resources to determine if a breach had occurred, they considered hiring an expensive incident response firm to conduct an investigation.
However, instead of paying millions of dollars to gather the details on a possible breach, the company opted to deploy Cybereason at a fraction of the cost. This decision proved wise. Using the Cybereason platform, our customer's security team was able to immediately gain context around the threat and figure out the company wasn’t under attack.
Read the case study to find out how Cybereason frees analysts from alert overload and provides immediate endpoint visibility, and why the organization's CISO called our platform a "source of truth for security incidents."