CASE STUDY
UnderDefense Helps US IT Leader Make the Most of Existing Security Tools and Ensure 24/7 Monitoring
Key Results
70+
insecure XDR exclusions fixed
40
high-riks alerts were processed
30 min
is an average MTTR
Background
The Challenge
Client Introduction
Industry
Project Duration
Covered Endpoints
“The UnderDefense team is doing great! The type of engagement that we are getting is the type of conversation that we’ve been hoping for since we first envisioned SOCaaS. Friendly conversations mixed with in-depth details, clarifications, and recommendations have been truly great for me to witness. Please tell the team to continue…but my current “net promoter” score is an 11 on a 10 scale!”
Challenges
- Tool-centered approach, relying only on out-of-the-box product features
- Lack of competence to properly assess and configure system functionality
- MTTR was unspecified due to zero alerts received by the customer
- Lack of software fine-tuning, leading to a wrong impression that everything was in order
- Misconfiguration of XDR, causing monitoring blind spots and decreasing protection
- Lack of dedicated professionals with expertise in cybersecurity
Results
- Thorough assessment of settings and introduction of an appropriate incident response workflow
- Close communication via 24/7 hotline and operational chat to address abnormal activities immediately
- Security monitoring 24/7 with an average of 30 minutes MTTR
- Forty high-risk alerts processed and one incident addressed within the last 5 months
- Over 70 insecure XDR exclusions fixed to improve the protection policies and enable advanced malware analysis features
- Providing expert recommendations on identity protection, cloud, and on-prem infrastructure security
Challenges & Results
Challenge
- Tool-centered approach, relying only on out-of-the-box product features
Result
- Thorough assessment of settings and introduction of an appropriate incident response workflow
Challenge
- Lack of competence to properly assess and configure system functionality
Result
- Close communication via 24/7 hotline and operational chat to address abnormal activities immediately
Challenge
- MTTR was unspecified due to zero alerts received by the customer
Result
- Security monitoring 24/7 with an average of 30 minutes MTTR
Challenge
- Lack of software fine-tuning, leading to a wrong impression that everything was in order
Result
- Forty high-risk alerts processed and one incident addressed within the last 5 months
Challenge
- Misconfiguration of XDR, causing monitoring blind spots and decreasing protection
Result
- Over 70 insecure XDR exclusions fixed to improve the protection policies and enable advanced malware analysis features
Challenge
- Lack of dedicated professionals with expertise in cybersecurity
Result
- Providing expert recommendations on identity protection, cloud, and on-prem infrastructure security
It can take one email for your company to come from “Woohoo!” to “D’oh!”
The Solution
The UnderDefense team started with a thorough deployment analysis to ensure the existing XDR platform generated as much value as possible. However, our engineers discovered severe issues and blind spots in nearly every purchased CrowdStrike module, since most critical XDR functions had been deactivated:
- More than 70 insecure XDR exclusions for endpoint protection had been made. That’s why CrowdStrike might have considered various malicious processes legitimate, and it wouldn’t have blocked them. Plus, the root folder was left unmonitored.
- Apart from the basic licensed CrowdStrike version, the client purchased additional XDR modules. However, they hadn’t been configured properly and couldn’t perform their functions.
- General auto-update configurations and detection & prevention policies hadn’t been set correctly. All that desensitized XDR to detect new, stealthy malware and allowed it to slip in unnoticed.
- Incident response policies were not in place, making it impossible to quickly investigate and contain threats.
Outcomes
The client’s and UnderDefense teams made the most of the “Lessons learned” part of the IR report. We have started working on enhancing security posture and preventing ever-evolving attacks. To help the client make the right decision, we’ve explained the importance of professional configuration of the existing XDR platform.
Step by step, the UnderDefense MDR specialists together with the customer IT team implemented all the necessary assessment recommendations.
Enhanced visibility and readiness for threats
By addressing 70+ exclusions, our MDR experts have eliminated blind spots that allowed malicious software to go undetected within authorized parameters. Now, potential threats are promptly identified and addressed, creating a safer and more secure environment for the business.
Moreover, our experts have enabled advanced security logging and malware upload for MDR analysis to ensure maximum visibility during the incidents and understand their impact.
Enhanced MTTR and incident handling process
Proactive and collaborative communication
We have also suggested ways to enhance the client’s security posture beyond the existing XDR solution. Our services include recommending useful tools, improvements, and free options if the client is not ready to incur additional expenses. We do not just manage the purchased tool but provide comprehensive security support.
Besides, we have provided recommendations regarding Cloud and Active Directory security. Additionally, we have started Kubernetes protection implementation, to help the client’s team gain better visibility and optimize operating costs.
The future
Targeted attacks are growing more complicated, and an XDR alone is no longer sufficient. It must be customized to match the business’s specific needs.
We have a lot of plans and much work ahead. Our collaboration continues and has proven fruitful, as demonstrated by the glowing review we’ve received from our satisfied customer:
Being prudent makes all the difference