Customer Story

Large Automobile Maker Enriches its Security Posture

Frequent cyber attacks prompts automobile manufacturer to review security tactics

Auto Industry Cyber Attacks Prompt Proactive Response from Well-Known Manufacturer

The automobile industry experiences frequent, targeted cyber attacks. With modern threat actors continuously advancing their tactics, techniques, and procedures (TTPs), one automobile manufacturer saw the critical need to proactively and periodically assess its ability to detect and respond.

  • 6 core competencies required enhancement to improve response time and detection
  • 3 week engagement uncovered operational gaps across all competencies
  • 24/7 global security monitoring implemented to improve overall security posture

Challenge

After a Breach, Mandiant Identified Six Core Competencies Needed for Improvement

After the automobile manufacturer experienced a major breach, its executive leadership team determined existing security program possessed substantial gaps across people, processes, and technology. As a prominent brand, executives realized the organization would always be an attack target. 

Mandiant was called to evaluate the organization’s incident response program and provide best practice recommendations for improvement. Mandiant experts focused on six core security competencies—governance, visibility, communications, intelligence, response, and metrics—needed to achieve an effective and sustainable incident response program. Enhancements to these six core competencies would improve the security team’s response time by helping them quickly and properly detect, investigate, and contain attacks performed by sophisticated threat actors.


Solution

Frontline Recommendations Provide Best Practices in the Event of Another Breach

Mandiant consultants delivered the Mandiant Response Readiness Assessment and provided a best practice recommendations report to the organization’s C-suite. The report outlined a two-year custom roadmap with areas of improvement across the client’s security operations and incident response  capabilities—some of which were implemented shortly after this engagement. Improvements included: implementation of a  24/7 global security monitoring capability, adoption of security incident playbooks, formalization of the manufacturer’s threat intelligence capabilities, deployment of an endpoint detection and response (EDR) tool, and the institution of both success metrics and proper reporting system. These newly found partnerships and processes ensured key stakeholders were built into the formal cyber communications plan moving forward. 

The improvements recommended by Mandiant positioned the manufacturer to respond rapidly and effectively the next time they were targeted in a cyber attack. 


Results

Executives See Year-Over-Year Improvements Thanks to Mandiant Assessment

After suffering a harmful breach, this automobile manufacturer committed to maturing its cyber security posture and improving its incident response capability. Aligning its security operations and incident response capabilities with corporate objectives greatly benefited the organization. 

The manufacturer significantly advanced its security monitoring capabilities around the clock, integrated threat intelligence into their daily operations, developed formal metrics to monitor and mature their incident response processes, implemented SIEM technology to enhance incident analysis, improved mechanisms to track incidents across the full attack lifecycle, and developed crucial stakeholder communication plans. 

These improvements received high praise from the organization’s executives. The company continued to improve its response capabilities year-over-year by hiring Mandiant consultants to conduct annual Response Readiness Assessments. 


More About Company

Forward Thinking, Large Automobile Manufacturer

As a prominent player in the automobile industry, this large manufacturer wanted to better understand the cyber landscape and implement best practices to help avoid compromising intellectual property and personal identifiable information. Following a breach, this company knew their brand’s popularity made them a target for further attacks.

Download the story