Case Study: Secure Your Environment Across Endpoints, Cloud and Infrastructure
March 20, 2023
The rise in cyberattacks has put a spotlight on the importance of prioritizing cybersecurity so your company’s response to a threat can be proactive instead of reactive. It was this concern that had a US-based, mid-sized manufacturing company (the manufacturer) question the effectiveness of their cybersecurity solutions.
With more than 60 years in business, the manufacturer, who was an existing client of Aprio, made the decision to engage Aprio’s Cybersecurity Advisory Services team to help them reevaluate their current cybersecurity solutions to secure their business operations and data, and reduce their vulnerability to potential threats.
Getting the customer to recognize that their existing solution was not adequate to detect threats to their environment.
To start, we educated the manufacturer on the differences between their existing solution and its limitations in detecting threats compared to the security monitoring solutions and services that we were offering.
As Aprio’s Cybersecurity Advisory Services team began the production development phase, suspicious alerts were detected, prompting a thorough analysis of the manufacturer’s logs. The Aprio team soon discovered the manufacturer had already been severely compromised.
The manufacturer immediately agreed with our recommendation to engage Aprio’s Security Operations Center (SOC) services to perform an in-depth incident response. While engaging the SOC team is not a standard step in the production development phase, it not only validated the breach but identified the breadth and depth of the breach as well.
When the incident investigation was complete, the team shared the alarming discovery with the manufacturer’s leadership and IT team — more than 40% of their environment had been compromised for months.
“Putting solutions in place correctly and appropriately can prevent a lot of headaches from happening, including mitigating issues around the ability to operate, preventing loss of company and customer data, negative impacts on revenue and damage to the brand’s reputation.”
Based on Aprio’s thorough review of the manufacturer’s log, the team determined the best action plan would consist of implementing the Extended Detection and Response (XDR) solution with SOC monitoring. The severity of the breach was validation for the manufacturer that they had made the right decision to engage with Aprio’s Cybersecurity Advisory Services team and they agreed to move forward with the implementation. The manufacturer’s leadership and IT team collaborated with Aprio and granted the team full access to their systems.
Aprio’s XDR solution automatically collects and analyzes data across the entire environment — endpoint, cloud and infrastructure — to provide extended visibility, detection and analysis to mitigate cybersecurity threats. Through advanced detectors and integrated counter threat intelligence information, XDR reduces manual work for internal IT resources and proactively detects more sophisticated threats to enable rapid response. Aprio’s SOC monitoring solution provides ongoing 24/7/365 monitoring to enable rapid response to valid threats before they can harm critical systems and data.
With the implementation of XDR, the manufacturer’s environment was free from malware and malicious activity, and the staggering number of alerts had ceased. The manufacturing company is now set up to be proactive, which protects them from severe compromises. Now, the manufacturer’s team can focus on their systems and higher-value work rather than chasing cyber threats.
Dr. Kenneth Cooper, Aprio’s MSSP Client Service Delivery Director, reflected on this success story and how it illustrates the importance of “putting solutions in place correctly and appropriately to prevent a lot of headaches from happening, including mitigating issues around the ability to operate, preventing loss of company and customer data, negative impacts on revenue and damage to the brand’s reputation.”
Aprio’s Cybersecurity Advisory Services team is now providing overall vulnerability management of the manufacturer’s systems as well as endpoint protection. Working alongside the manufacturer’s leadership, IT and MSSP teams throughout the implementation strengthened their existing team’s abilities and relationship with Aprio.