Situation
In this case, customer teams were using VMware’s Carbon Black Response EDR on their endpoints; however, the deployed solution provided only minimum baseline protection against malware and viruses, lacking fortification based on real-world use-case scenarios, advanced zero-trust threat hunting, and 24/7 visibility and integration. Threats and vulnerabilities were still being blocked, but the customer wanted fully proactive prevention.
Solution
A team of highly experienced NETS Information Security experts conducted consulting sessions with customer teams to understand their requirements and then proposed enhancing and customizing the Carbon Black Response EDR solution by implementing MITRE ATT&CK framework-based use cases. The final scope of work included reviewing and strengthening the existing security architecture, as well as implementing multiple use cases, including Lateral Movement, Data Destruction, Drive-by Compromise, Input Capture: Keylogging, Data Encoding, and more.
Benefits and Outcomes
Multiple benefits were realized by the customer as part of this project:
⦁ Elevated overall security posture
⦁ Reinforced architecture with enhanced EDR functionality
⦁ Augmented visibility of east-west and north-south network traffic
⦁ Tighter endpoint control via advanced analytics and proactive threat hunting
⦁ Increased user confidence and satisfaction ratings
⦁ Realized cost savings due to tighter security and lower risk