Customer Stories

When a SIEM Just Isn’t Enough: Squashing a Sophisticated Cyberattack

Organization

Global Healthcare Giant

Industry

Pharmaceutical

Challenge

  • Trouble configuring custom detections within the SIEM for post-exploitation coverage
  • The rules are often bypassed, and investigating the few alerts that do fire takes considerable time, hindering the team’s ability to respond quickly

Results

  • While monitoring over 1 million identities, users and services within the environment, Detect for AWS spotted behavior closely resembling an attacker probing the footprint for weaknesses; the organization’s SIEM did not.
  • Detect for AWS then observed the malicious principal attempting to disable security tools within the environment as a means to establish persistence