The PDI SOC team operates 24/7/365, proactively monitoring for known and emerging cyber threats.

Did you know that, by some industry estimates, the average company network sees between 20 and 100 attack attempts every single minute? The number is mind-boggling, but keeping your business secure really boils down to two basic requirements: 1) maintaining control of sensitive data, and 2) keeping your IT environment free of malicious activity.

Many companies are big enough to have their own IT group; however, dedicating someone to 24/7 threat detection and response is a tall order. Even with a SIEM or another security technology solution in place, today's advanced malware is designed to bypass traditional, signature-based antivirus. Furthermore, organizations simply don't have the manpower for the "eyes-on-glass" style of log monitoring that catches active malware and code execution as it happens.

Finding active malware in a new customer’s environment

Late in the day on a recent Friday, a new customer began installation of our Managed Detection and Response (MDR) service to their end user systems. This customer is an SMB (small to mid-sized business) that relies on personal computers to keep their business running. Sound familiar?

A few hours after the customer's implementation was complete, at 12:05 a.m. Saturday to be exact, our MDR service blocked an attempted execution of malware that was present on one of their remote office computers.

As it turns out, this active malware had been on the remote office machine since October 2018. With each user login, the malware executed, harvested data, and attempted lateral movement and propagation. A Trickbot variant, it checked for point-of-sale (POS) systems, gathered information about the network, and scraped the system for usernames and passwords, web history, email data and more.
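The fact that the malware ran at every user login is the first thing a triage analyst verifies on the affected host. The PowerShell script below is an added example, not PDI's tooling and not something the original post describes: it lists the common per-user logon persistence points (the Run and RunOnce keys, the Startup folder, and scheduled tasks with a logon trigger) and flags any entry whose target lives in a user-writable directory. The list of directories and the flagging heuristic are assumptions made for this example; the script is read-only and must be run in the affected user's session.

```powershell
# Added example, not PDI's code: list the per-user logon persistence points an
# analyst checks when malware is reported to run at every login, and flag any
# entry whose target lives in a user-writable directory. Assumes Windows with
# PowerShell 5.1+, run in the affected user's session. Read-only: it reports
# findings and modifies nothing.

# Directories a standard user can write to without elevation (assumed list).
# A logon entry pointing here is not proof of malware, but it is where
# user-level droppers are typically placed, so it is worth a closer look.
$userWritableDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) |
    Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
$userWritablePattern = '^(' + ($userWritableDirs -join '|') + ')'

function Test-UserWritableTarget {
    param([string]$Command)
    # Expand %APPDATA%-style references and drop a leading quote so that both
    # "C:\Users\x\AppData\Roaming\a.exe" /s  and  %APPDATA%\a.exe  are matched.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).TrimStart('"')
    return [bool]($expanded -match $userWritablePattern)
}

function New-Finding {
    param([string]$Source, [string]$Name, [string]$Command)
    [pscustomobject]@{
        Source  = $Source
        Name    = $Name
        Command = $Command
        Flagged = Test-UserWritableTarget $Command
    }
}

$findings = @()
$registryMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. Per-user Run and RunOnce keys: executed by Explorer at every logon.
foreach ($key in @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                   'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($registryMeta -contains $p.Name) { continue }   # provider metadata, not values
        $findings += New-Finding -Source $key -Name $p.Name -Command ([string]$p.Value)
    }
}

# 2. Per-user Startup folder: anything here, including shortcuts, runs at logon.
$startup = [Environment]::GetFolderPath('Startup')
foreach ($item in (Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue)) {
    $target = $item.FullName
    if ($item.Extension -ieq '.lnk') {
        # Resolve the shortcut so the flag is based on the real target, not the .lnk.
        $shell  = New-Object -ComObject WScript.Shell
        $target = $shell.CreateShortcut($item.FullName).TargetPath
    }
    $findings += New-Finding -Source 'Startup folder' -Name $item.Name -Command $target
}

# 3. Scheduled tasks with a logon trigger: a common way to survive reboots
#    without touching the Run keys that most tools look at first.
foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
    $logonTriggers = @($task.Triggers | Where-Object {
        $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' })
    if ($logonTriggers.Count -eq 0) { continue }
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions
        $cmd = ("{0} {1}" -f $action.Execute, $action.Arguments).Trim()
        $findings += New-Finding -Source ("Task " + $task.TaskPath + $task.TaskName) -Name $task.TaskName -Command $cmd
    }
}

# Flagged entries first; review each one rather than treating the flag as a verdict.
$findings | Sort-Object -Property @{ Expression = 'Flagged'; Descending = $true }, Source |
    Format-Table -AutoSize -Wrap
```

A flagged row is a lead, not a finding: legitimate updaters also install themselves under AppData. The value of the check is that it is fast, touches nothing, and gives the analyst a short list of binaries to hash and submit before deciding what to quarantine.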

Upon identifying the malware threat, PDI SOC analysts immediately began investigating and cleaning up the malicious files and settings, blocking the infections and stopping further malicious activity from that user profile. All this activity, from initial threat identification to complete containment of the malware, took place in under an hour.

Two days after the initial threat detection and prevention, the same customer had another active malware incident on yet another system. PDI MDR blocked the attempted use of built-in Microsoft Windows tools to perform code execution and malicious code injection, and once again our SOC analysts immediately began their investigation to uncover the root cause. Inside a single user profile, the analyst found eight different active malware variants: DRIDEX, Fireball web hijacking, Kryptik, and five variations of Trickbot.

Significant cleanup had to be performed due to the number of threats identified. A team of SOC analysts worked with the customer to isolate the system from the network, then began triage and cleanup of the infected user profile and host, working closely with the customer's IT team. Even with the extent of the infection, the PDI team was able to quarantine, block and remove the threats quickly and effectively, and cleanup was fully completed within three hours.

Through their investigation of system files and other artifacts, the SOC analysts were able to determine that the source of these attacks was malicious websites and email links. That is consistent with commonly cited industry figures that put phishing and other social engineering behind more than 90% of successful attacks. One misguided click is all a cybercriminal needs to gain access to an entire business environment.

Traditional antivirus misses advanced threats

Prior to becoming a PDI client, this SMB had been relying on the antivirus protection built into Microsoft Windows. A free, bundled product is cost-effective, but you really do get what you pay for: left at default settings with nobody watching its alerts, it provides only a baseline level of protection and fails to stop the advanced threats that are now commonplace. In this case, the first infection had gone unnoticed for months.

MDR services are business critical because they provide the necessary manpower, expertise and responsiveness. Employees and companies are attacked by advanced threats and previously unknown malware variants far more often than by reused, already-known ones, which is exactly what signature-based tools struggle with. SOC analysts are trained to spot and properly investigate the anomalies these threats leave behind.

It's no surprise that the response from this new customer, after seeing their immediate return on investment, was: "I'm really liking this new MDR service!"

Both of the attacks outlined above were gathering cached passwords and user activity, as well as looking for additional assets inside the network that could yield sensitive data for extraction. If the customer's network hadn't been properly segmented, a data breach would likely have occurred before our service even came into the picture.

Even so, any number of bad things could have come from these attacks. At any point in time, the attackers could have launched ransomware and encrypted the users' environments. They also could have accessed the infected users' email contacts and sent corrupted files to customers from a company email address. This would surely have erased the trust the company had built with its customers.

That's where PDI Managed Detection and Response (MDR) comes in. Our MDR service delivers an individualized threat detection program built to protect our customers against data breaches, malware, ransomware, and other forms of cyberattack, so they don't have to carry that worry themselves.

PDI SOC analysts provide that 24/7, eyes-on-glass support. We are watching your systems even while you’re sleeping, which gives you peace of mind regarding your operations.

Contact us today to learn how PDI Security Solutions can help protect your business from cyber threats.