- Too many alerts resulting in fatigue and burnout
- Acquisitions caused complexity
- Added SentinelOne for greater visibility into their environment
- Reduced mean time to respond (MTTR)
To offer innovative packaging solutions to their 10,000+ customers, this Fortune 500 manufacturer’s growth strategy centered on mergers and acquisitions. But with every acquisition, they also acquired an increased attack surface. Keenly aware of this challenge, their cybersecurity team knew they needed help managing alerts and threats, so their company mission could thrive. Today, this Fortune 500 company has over 10,000 global employees, 300 locations worldwide, and generates more than $1 billion in annual revenue.
This Fortune 500 manufacturer’s environment was infested with computer worms, a type of malware designed to multiply and spread across multiple devices. Wriggled into their environment, these worms were detected by one of their security tools. This meant each and every attack triggered an alert, and these alerts popped up day and night. Alert fatigue quickly settled in. Then, the “big incident” happened.
After one of their many acquisitions, this Fortune 500 company became a victim of a ransomware attack on a subsidiary network. However, by that time, they had already found a security ally in Red Canary. When a Red Canary incident handler spotted irregular activity in their network one morning at 1 a.m., they started investigating right away. In addition to identifying a credential dumping attack, they also found encrypted files on their network—classic signs of a ransomware infection.
“Cybersecurity is not an IT thing, it’s really a human behavior thing.”
CHIEF INFORMATION OFFICER
FORTUNE 500 MANUFACTURER
Red Canary’s incident handler quickly notified and informed the rest of the team. Banding together, the team at Red Canary began to research this behavior and create detections. Over the weekend, Red Canary also continued to work with the manufacturer’s cybersecurity team, helping prepare them to take the necessary actions to remediate the ransomware attack.
Admittedly, due to alert fatigue and lack of security expertise, their cybersecurity team wouldn’t have been able to parse through a real threat like this one. Thanks to Red Canary, they became aware of the attack that same day, allowing them to react quickly to secure their environment.
Following the “big incident”, Red Canary published three new detections, meaning these behaviors could now be detected before adversaries started exploiting them. This not only applied to the Fortune 500 manufacturer, but across Red Canary’s entire customer base of 800 customers.
Additionally, this Fortune 500 manufacturer learned the true depth of their partnership with Red Canary through firsthand experience. Thanks to Red Canary’s relentless response to the attack, the manufacturer made the decision to add Active Remediation, Red Canary’s hands-on-keyboard response product. Now, when incidents occur in their environment, Red Canary can respond within their SentinelOne environment, taking action on their behalf when it’s needed most.
The true value of Red Canary
For this Fortune 500 global manufacturer, partnering with Red Canary proved to be a winning strategy—the “big incident” was resolved with great speed and tenacity, and they now enjoy the peace of mind that comes with Active Remediation. Plus, when their next acquisition opportunity comes knocking, they’ll have confidence knowing Red Canary will be there to support them.