Thu, Apr 4, 2024

Seamless Response to Ransomware and a Cyber Resilience Upgrade

Learn how Kroll’s support has enhanced cyber resilience and fortified our client’s cybersecurity strategy.

The Challenge

A prominent logistics company was in the midst of implementing its Endpoint Detection and Response (EDR) solution to gain insights into the volume of alerts it received round-the-clock. The primary objective was to assess the alert landscape before making further enhancements to its cybersecurity strategy. As part of this evaluation, the company reviewed its alert management processes. Despite having a 24/7 response team, the team was not exclusively dedicated to security operations. Consequently, the company sought a cost-effective means to scale up the team's capacity and expertise.

During the rollout of the EDR solution and the discussion surrounding out-of-hours alert management, the company was hit with a ransomware attack. In response to this critical situation, Kroll was appointed as a digital forensics and incident response partner.

Kroll's Solution

Kroll's Incident Response team worked quickly with the company to contain the threat, prevent further damage, and investigate the events that preceded the attack. Simultaneously, Kroll implemented its managed detection and response solution, Kroll Responder, ensuring 24/7 threat management while aligning with the company's overarching security strategy.

This proactive approach allowed the company to swiftly transition from crisis mode back to business-as-usual operations. With unanimous agreement on the success of the recovery efforts, the company was keen on retaining Kroll Responder’s 24/7 security monitoring capabilities and leveraging the other security improvements. Consequently, the next step involved creating a transition plan to seamlessly migrate to the company’s endpoint detection and response solution, as initially intended prior to the ransomware incident.

Kroll’s hybrid, collaborative partnership model provided our client with a high degree of control and visibility, all while maintaining 24/7 support.

The Impact

Seamless Incident Response Support

Kroll's rapid incident response, facilitated by its global network of certified security and digital forensics experts, effectively managed and mitigated the ransomware attack, enabling the company to quickly restore its operations.

Comprehensive Attack Analysis and Recovery

Kroll's digital forensics experts analyzed the ransomware attack to quickly and safely uncover critical information to aid recovery. This enabled their client to gain a comprehensive understanding of the vulnerabilities that may have led to the attack, highlighting critical areas for improvement, and enhancing its resilience against future attacks.

Actionable Threat Intelligence

The company benefits from the intelligence Kroll gains through responding to 3,000+ incidents annually, drawing insights from a diverse range of events, clients, sources and experts. This continually updated threat intelligence, channeled back into its triage, helps to inform their client’s in-house team and enhances detection capabilities.

360-Degree Threat Visibility

The company now has continuous and comprehensive threat visibility. Kroll Responder’s tech-agnostic approach allows this intelligence to fuel detection and build a more resilient, integrated organization, from Security Information and Event Management (SIEM) and EDR to vulnerability scanning and behavioral monitoring.

Maximize In-House Security Team

Kroll Responder’s 24/7 monitoring capabilities have optimized our client’s in-house security team, allowing them to focus on intricate or challenging systems. The company’s security team now benefits from real-time threat intelligence provided by Kroll’s world-class analysts, eliminating the need to recruit and sustain an in-house, after-hours security team.

Alongside this, regular service reviews, an integral part of Kroll Responder MDR, keep their client well-informed about their risk profile and status. Kroll provides a vital checkpoint while simultaneously alleviating administrative responsibilities.

Enhanced Cyber Resilience

The valuable insights gained through Kroll’s incident response and post-incident investigation, combined with the ongoing monitoring and threat intelligence provided by Kroll Responder, better position their client to defend against ransomware attacks and other cyber threats in the future, ultimately creating a stronger foundation for the company’s ongoing cybersecurity strategy.
