Challenge:
With attacks on municipalities on the rise, a midsized county in Virginia knew it needed to improve its cybersecurity posture. The problem was they were not sure where to begin. So they enlisted our services to help them determine their strengths and vulnerabilities.
Solution:
Assura helped the county get started with an assessment of its compliance and security posture. The process revealed they didn’t have adequate visibility into threat activity in their environment beyond off-the-shelf anti-virus software. The solution we recommended was Assura’s Security Information and Event Management (SIEM) service. This essential service made Assura both watchdog and first responder for critical systems and data, allowing us to identify and protect against cyber threats 24/7/365.
Once the SIEM was up and running, something no one expected to find was uncovered—a backdoor. It provided an unknown access point into the county’s network that bypassed any existing security measures. Having discovered these before, the Assura team knew exactly what to do. We first immediately alerted the county and informed them of the critical vulnerability. Then through collaboration with its IT team, we determined the root cause of the backdoor together.
Assura then initiated a threat hunt to determine if a threat actor had not already found the backdoor and given themselves a persistent foothold in the environment, making it possible to return at any time. It was critical to ensure the environment was clean and that we were the first to find the entry point.
Fortunately, we were engaged by the county in time to identify and remediate a potentially catastrophic point of entry for a threat actor to compromise the network.
Results:
The Assura team and the county collaborated quickly to close the backdoor and ensure the environment was safe. If Assura’s services were not enlisted at the right moment, the results could have gone quite the opposite and would not have been known until it was too late.
How threat actors work is they enter your environment but do not attack right away. They sift through your data to determine what it may be worth to you, to them, and on the open market, all the while stealing what’s most valuable. When they feel the time is right, they’ll launch the attack. Many times it’s a ransomware attack, but these days they’ll couple that attack with threats to release the valuable information to the public. This is called extortionware. This malicious tactic locks you out of your systems, and because they have a foothold in the environment, they can take your data hostage until the ransom is paid.
In the county’s situation, this means their constituents’ taxpayer information, law enforcement data, and more. If not paid (or sometimes even if it is paid), this data can be sold on the dark web for a very lucrative amount. Ransomware coupled with extortionware is a multi-billion dollar industry and is only becoming more profitable for the threat actors.
Big picture:
Because Assura’s SIEM identifies and protects against cyberattacks 24/7/365, organizations can feel assured that we’ll detect the bad guys.
Bad actors don’t take time off from their attacks, so it’s critical you’re just as diligent with your defenses. We harness Artificial Intelligence (AI) backed by our experts to ensure that the suspicious activity we detect is acted upon swiftly to mitigate malicious activity. Searching for security monitoring and response services to quickly shut down the bad guys and stay compliant? Our SIEM affordably checks that box with packages to fit any budget.
Learn more about our SIEM packages.