From Adversity to Assurance: A Vietnamese Manufacturer's Transformation with Cyber Guardian
In today's rapidly evolving digital world, cybersecurity remains at the forefront of every organization's concerns. Yet, maintaining a robust cybersecurity posture is easier said than done, especially against the backdrop of increasing cyber threats and a widening cybersecurity skills gap. This is evident when examining a recent case study of a Vietnamese manufacturing customer who called upon Sangfor Cyber Guardian security services to attend to a security incident and subsequently enhance its security operations.
- Industry: Manufacturing
- Country: Vietnam
- Original equipment manufacturer (OEM) to major international brands
- Existing Sangfor Endpoint Secure customer
Customer Pain Points & Sangfor Solutions
Pain Point 1: Ransomware Attack
The customer had suffered a ransomware attack that “encrypted” a large number of files on a victim host.
Sangfor Solution 1: Cyber Guardian Incident Response Service
The customer reached out to the Sangfor Cyber Guardian Incident Response (IR) team for assistance upon the discovery of the ransomware attack. The IR investigation first discovered that the host was “encrypted” with Mallox ransomware. A ransom note was left on the victim machine, which was equipped with Sangfor Endpoint Secure.
The IR team found that the files had not been encrypted with a custom cipher at all: they had merely been renamed with an extension (.FARGO4) that mimicked encryption. The affected files were still intact and readable once the extension was removed (e.g., deleting “.FARGO4” from <filename>.txt.FARGO4). Sangfor Endpoint Secure logs revealed that it had successfully blocked the actual ransomware encryption process. It is suspected that, upon realizing the attempt had failed, the attacker used a batch renaming tool to append the extension to the files and simulate a successful ransomware attack.
Figure 1 – An "Encrypted" file was readable when opened with Notepad or by removing the ".FARGO4" extension
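A quick triage check for the kind of fake encryption described above, as an added example (not Sangfor's tooling and not from the original case write-up): it separates files that were merely renamed with the .FARGO4 extension from files whose contents were actually encrypted, using surviving file headers, UTF-8 decodability and byte entropy. The magic-byte table, the 7.5 bits/byte threshold and the sample files are constructed assumptions.

```python
import math
import os
from collections import Counter

# Extension seen in this case; the set itself is an assumption for reuse elsewhere.
SUSPECT_EXTENSIONS = {".fargo4"}
# Constructed magic-byte table (added example, not Sangfor tooling); extend as needed.
MAGIC = (b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"MZ")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly random bytes (ciphertext), much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_text(data: bytes) -> bool:
    """True if the first 4 KiB is UTF-8 and almost entirely printable or whitespace."""
    text = data[:4096].decode("utf-8", errors="replace")
    if not text:
        return False
    good = sum(ch != "\ufffd" and (ch.isprintable() or ch.isspace()) for ch in text)
    return good / len(text) > 0.95

def triage(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Classify one file: 'not_suspect', 'renamed_only', 'encrypted' or 'unknown'."""
    if os.path.splitext(name)[1].lower() not in SUSPECT_EXTENSIONS:
        return "not_suspect"
    if data.startswith(MAGIC) or is_text(data):
        return "renamed_only"  # header or text survived: payload was never encrypted
    if shannon_entropy(data) >= threshold:
        return "encrypted"     # near-uniform bytes: real encryption is likely
    return "unknown"           # e.g. partial encryption or an unlisted binary format

def triage_tree(root: str) -> dict:
    """Walk a directory and tally verdicts; run on a forensic copy, not the live host."""
    counts = Counter()
    for dirpath, _, files in os.walk(root):
        for f in files:
            with open(os.path.join(dirpath, f), "rb") as fh:
                counts[triage(f, fh.read(65536))] += 1
    return dict(counts)

# Constructed samples standing in for files found on the victim host.
FAKE = ("invoice.txt.FARGO4", b"Invoice 2023-11\nTotal: 4,200 USD\n" * 40)
REAL = ("invoice.txt.FARGO4", bytes(range(256)) * 16)  # flat histogram: entropy 8.0

if __name__ == "__main__":
    for n, d in (FAKE, REAL):
        print(n, triage(n, d), round(shannon_entropy(d), 2))
```

A high "renamed_only" count across a share is the signal seen in this case; a high "encrypted" count means the restore plan, not a rename, is needed.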
The entry point of the attack could not be determined, since all key system logs had been overwritten by newer entries and error logs, hiding the adversary’s tracks. Drawing on extensive IR experience and a deep understanding of the customer’s setup, the Cyber Guardian IR team applied professional skepticism to develop several hypotheses on how the attackers got in, and from these provided the customer with recommendations to reduce the risk of repeated infiltration.
Pain Point 2: Inadequate Cybersecurity Expertise
The incident and subsequent IR investigation made the customer acknowledge the limitations of their in-house security capabilities. This was despite having increased their permanent security staff headcount and purchasing multiple new security technologies to start their own security operations center.
Sangfor Solution 2: Cyber Guardian Managed Detection & Response Service
Impressed by the Cyber Guardian IR team’s technical expertise and recognizing the need to supplement existing security operations with professional services, the customer immediately followed up the IR investigation with a month-long proof of concept (POC) of the Cyber Guardian Managed Detection & Response (MDR) service to prevent future re-infections. Key elements of the POC included:
- Onboarding: The Cyber Guardian MDR service team prioritized understanding the customer’s environment, ensuring that the service delivered was tailored to their unique conditions and needs.
- Threat Hunting: During the POC, our threat-hunting activity uncovered vulnerabilities in some of the customer’s critical systems, which had previously gone unnoticed and left them at risk of compromise.
- Notification and Reporting: The MDR service team provided the customer with swift notification and regular status updates on cases we collaborated on. Consistent communication channels ensured seamless dialogue between both parties.
The professionalism and security expertise demonstrated by the service team gave the customer the confidence to choose us to overcome their lack of cybersecurity knowledge and capabilities, entrusting Sangfor Cyber Guardian MDR with 1,050 of their assets.
Sangfor Cyber Guardian MDR Service Benefits
- Security Assurance: Backed by Cyber Guardian MDR’s 24/7 continuous monitoring and vigilant threat hunting, the customer is now safeguarded against real-time threats and potential risks, minimizing the likelihood of incidents like the previous ransomware attack.
- Enhanced Visibility: With advanced security technologies at Sangfor’s state-of-the-art Security Operations Center (SOC) monitoring their environment, the customer gains unparalleled visibility into their security landscape via the dedicated customer portal.
- On-Demand Expertise: The MDR service provides the customer with on-demand access to cybersecurity experts. Through close collaboration with the Cyber Guardian MDR team, the customer’s in-house security team cultivates the necessary skills to run independent security operations in the future.
- Timely Alerts and Reports: Regular updates and detailed reports keep the customer informed, allowing them to focus on their core business.
The customer now operates with greater confidence in their cybersecurity, thanks to Sangfor Cyber Guardian MDR services.
What is Sangfor Cyber Guardian?
Sangfor Cyber Guardian is a comprehensive set of security services for safeguarding an organization’s digital assets and ensuring operational continuity, from security Risk Assessment (Cyber Guardian TIARA) and Incident Response (Cyber Guardian IR) to Managed Detection & Response (Cyber Guardian MDR).
Sangfor stands ready as the Cyber Guardians of Your Business, shielding you against cyber threats that would endanger your organization's integrity and reputation.
Visit the Cyber Guardian MDR webpage to learn more about service benefits, portfolio, and competitive advantages, and discover what Sangfor Cyber Guardian can do to protect your business.