Incident Response

Problem:

An employee contacts the help desk and states that her computer is acting strangely and suddenly seems slow reaching the Internet. Network monitoring shows a large data exfiltration occurring from her computer to an IP address in a foreign country. How did they get in? What are they taking from your organization? How do you stop them?

Solution:

Using the advanced remote agent technology of CyFIR Enterprise, your Incident Response specialist in the main office connects to the employee’s computer in the branch and begins to analyze the system. Reviewing running processes in memory, she quickly finds malicious code disguising itself as a Windows service. With a few clicks, she locates the file on the hard drive and begins searching for other corporate computers with the same file. Fourteen other computers in the organization report—within moments—that they carry the malicious program as well. Remediation activities happen simultaneously and stop the attack cold—before the intruders realize they have been shut out of your system.