Every organization has gaps in its security posture. There is simply too much surface area and too few resources for organizations to perfectly cover all the gaps. Given enough time, attackers will find and exploit these gaps. Below is a high-level case study of one such incident that occurred a year ago at a mid-sized United States defense contractor.
The contractor had appropriate perimeter defenses and had invested heavily in their security team. Despite this posture, they fell victim to a carefully targeted attack. The security staff managed the following tools and processes:
- Web content filtering
- Mail gateway services
- Access control to the internal network, brokered by a Network Admission Control (NAC) system
- Endpoint anti-virus
- Endpoint anti-exploitation software
- Endpoint imaging protocols
- Centralized endpoint and network monitoring
Even with such a formidable security architecture, the attackers were still able to breach the contractor's network environment. The security team's robust incident response program identified and remediated the breach before much damage could occur. Once the breach was cleaned up, an internal post-breach assessment recommended that the organization deploy a comprehensive endpoint security solution to complement its existing security investments and further reduce the time between an incident and its discovery.
The contractor reached out to Red Canary and determined our managed threat detection and response service fully and cost-effectively addressed their requirements.
Over the past 12 months of operation in this environment, the results are clear:
- Over 20 legitimate threats have been detected per 100 endpoints
- Red Canary’s security operations team eliminated 3,400 false positives per 100 endpoints
- Most importantly, Red Canary’s managed endpoint security costs the organization less than a third of the cost of hiring a single employee
Interested in learning more? Read the full case study here.