Motorola Mobility, a wholly-owned subsidiary of Lenovo, faced a unique dilemma concerning its cybersecurity footprint. A succession of corporate acquisitions caused its headcount to vary over time. However, no matter the size of the organization, its core infrastructure security team remained relatively small. Nevertheless, this SecOps team was responsible for protecting the technical assets of an organization with nearly 40,000 employees and 60,000 endpoints.
Brad Skrbec serves as the Information Protection Principal for Motorola Mobility. With over 33 years of experience with the organization, his current focus involves information risk management, especially in the areas of asset vulnerability and patching. As one of the first Cybereason customers, he noted that Motorola’s application of Cybereason solutions continues to provide significant benefits over time. “Cybereason’s growth, added functionality and usability have given us significantly better capabilities to improve our team and security posture,” Skrbec said.
Still, prior to their acquisition by Lenovo, Motorola struggled with a bloated forensics process that hampered their investigative efforts while also stifling corporate productivity. Cybereason EDR (Endpoint Detection and Response) offered significant improvement by providing real-time visibility into malicious activities anywhere on the Motorola global network, including any threats to critical endpoints. With Cybereason, any malicious activity now gets remediated immediately through actionable detections that provide the full scope of an attack from root cause across every device and user. Let’s take a closer look.
Optimizing Lenovo’s SecOps Forensics and Incident Response Process
Lenovo, one of the most recognizable brands in the world, remains an attractive target for cybercriminals and state-sponsored actors. Skrbec noted that the team, led by Motorola Mobility Chief Information Security Officer Richard Rushing, spent weeks analyzing each attack, struggling with piles of spreadsheets and forensic images from infected PCs. During any investigation, device and application owners were locked out of their systems.
Notably, while Lenovo boasts employees located all over the globe, their cybersecurity team needed the ability to monitor their network infrastructure from a centralized location. In 2020, the difficulties in making on-site visits to global offices highlighted the need for more visibility and control of the network edge. The team felt Lenovo required a tool to provide answers to the “who, what, why, when, and where” questions whenever and wherever an attack happened.
In short, the Cybereason solution served as a game changer for Lenovo. With the visibility into real-time network activity, the team gained the ability to analyze and react to threats faster than ever before, especially those located on the other side of the planet. “We are now able to reach out and look at those remote devices and see detailed information around what processes were firing during the incident, who those processes are calling out to, and what malicious operations (Malops) have been taking place,” noted Skrbec.
Deploying the Cybereason Solution in a Seamless Fashion
Lenovo quickly deployed Cybereason EDR, encountering no issues. Additionally, the frictionless implementation of the new tool caused no disruption to Lenovo’s current network environment. Skrbec noted that previous tool deployments caused significant issues including increased maintenance requirements and friction between the security team, SLT, and end users.
Considering his team’s role in supporting Lenovo’s operations, any new tools causing friction are quickly removed. Notably, the maintenance of the Cybereason solution requires no extra effort from Skrbec and the team. “Cybereason not only met all of the criteria we were looking for, its implementation was virtually frictionless. In the security world, that’s exceedingly rare,” he commented.
Providing the Actionable Information to Protect Technical Infrastructures
Protecting a global enterprise’s technical infrastructure remains a complex task for any SecOps team. Lenovo’s team relies on the critical, actionable information provided by Cybereason Threat Intelligence, a Cybereason feature that facilitates the analysis of incident behavior for each cyber attack. Contextualized and correlated insights into the root cause, affected users and machines, and attack timeline all led to a much more intelligent incident response.
“This is not just an AV alert. Instead you can see all of the communications. That amount of information makes it MUCH easier to make that decision to execute or quarantine,” Skrbec said.
Improved Detection and Remediation
Cybereason EDR uses behavioral analysis and ML-powered detection and correlation of malicious behaviors to improve detection speed and accuracy. The Cybereason MalOp™ (malicious operation) detection engine allowed a single Lenovo analyst to manage up to 200,000 endpoints, almost three times their current network needs.
These analysts could also instantly remediate issues from a single, intuitive point-and-click interface. Lenovo’s SecOps team can now instantly execute remediation actions such as machine isolation and process killing without crafting complicated queries.
Offering Real-Time SecOps Reporting to the C-Suite
With cybercrime seemingly in the news on a regular basis, Lenovo executives now pay close attention to the work of Rushing’s team. Cybereason EDR provides detailed statistics on network activity and attacks faster than ever before. This includes actionable information on endpoint activity, providing Skrbec with the ammunition he needs when meeting with his bosses.
If the C-Suite wants to know how a ransomware attack is being handled, this vital information is quickly available. Executives gain the peace of mind that Lenovo’s SecOps team has the resources and actionable data to fix any issues and mitigate any problems.
Deploying Cybereason EDR provides Lenovo with the broad functionality needed to be successful. When it comes to cybersecurity tools, Lenovo remains a demanding customer. “We maintain a certain amount of flexibility in our tool belt, because to stay onboard with us, delivering on promises is paramount,” Skrbec said.
If you want to learn more about the impact Cybereason Endpoint Detection and Response made on Lenovo’s cybersecurity footprint, check out this video. Our products provide your SecOps team with the real-time network visibility and actionable data they need to protect your business’s technical infrastructure.