Internal Malware Attack Detected and Stopped by Global IT Firm

 

THE CHALLENGE

Perimeter based defense solutions like security information and event management platforms (SIEMs) have a blind spot - they can’t detect internal and unknown threats. So when the desktop of a user at a global technology consulting firm was exhibiting anomalous behaviour, it almost slipped through the cracks. This user was not active on her desktop for several days, but it was running and being being hijacked by a very specific malware.

THE SOLUTION

VASA by RANK Software is able to identify unknown and internal threats using anomaly detection - without the need for pre-configured rules. VASA allowed the cybersecurity team to investigate this user’s desktop and compare the behaviour they were observing to other similar users at the business. Upon seeing that this user’s behaviour was inconsistent with the baseline behaviour, it was flagged for further investigation. This secondary investigation discovered the trojan activity and allowed the security team to quickly take action and mitigate the impact of the attack.

THE RANK DIFFERENCE

RANK is uniquely able to deliver this solution through:

  • Anomaly detection without the requirement for pre-configured rules
  • Behavioural analysis that compared user behaviour on fifty different dimensions to baseline behaviour
  • Risk scoring that helped to identify credible threats

Get a Demo