Incident Response Case Studies
International Computer Intrusion
A Fortune 50 organization with a global presence discovered that a portion of its network was exposed to the internet without adequate security protection. The company's security personnel determined that the security lapse had begun several months earlier.
MANDIANT was hired to:
- Diagnose the cause of the security breach
- Determine the extent of the compromise
- Identify appropriate countermeasures for remediation, such as software and/or hardware implementations, process recommendations, or additional security measures
- Document and manage the most appropriate remediation plan, and implement an audit process to measure and verify the remediation effectiveness
- Offer a qualified opinion concerning the potential loss of personally identifiable information (PII)
- Document all the activities and findings in detail, including copies of all forensic images, log files, files, packages, tools, data, or other information collected during the engagement
MANDIANT responded on-site within 24 hours of notification. We augmented the local staff, providing management and leadership of the incident. Drawing on more than 120 years of combined experience responding to security incidents, we gave the local resources clear focus and direction. We accomplished the following during three weeks of on-site fieldwork:
- Forensic analysis on six computer systems
- Live response on 26 computer systems
- Scanned over 75,000 unknown binaries for malicious content, and manually analyzed over 100 binaries of interest
- Provided a short-term remediation plan for anonymous proxy software
- Provided a short-term remediation plan for the intrusion
- Provided a long-term remediation plan, documenting recommended countermeasures, process recommendations, and additional security measures to help prevent, detect and manage future security incidents
- Furnished a letter providing MANDIANT's opinion regarding potential PII data loss during the intrusion
- Implemented scripts to detect and monitor unauthorized activity on the client networks
- Developed 129 host-based and 19 network-based signatures related to the intrusion set to determine the scope of the incident
- Identified an additional 108 hosts requiring remediation
- Developed illustrations that provided visualization of the attack, the timeline of the attack, and the scope of the intrusion
IR Practice Description