Our Swiss customer supports businesses in monitoring specific compliance requirements. Its employees are auditors with technical expertise in specialized industry areas. Currently, Surface devices and MacBooks are in use alongside traditional laptops.
"As we have access to very sensitive customer data in our work," the CISO (Chief Information Security Officer) explains, "this and generally increasing security requirements have prompted us to reconsider our strategy regarding the currently used tools."
"We have already had initial ransomware incidents that fortunately remained limited to individual devices," the CISO continues.
As a result, the customer looked for a unified security solution that provides not only traditional antivirus protection but also modern, behavior-based analysis.
Tobias Paschek, Lead Architect at comdivision for this customer, explained the approach as follows: "We started with an assessment workshop and found that, in addition to mobile solutions, more and more applications were being implemented in remote apps." Paschek continued, "Our proposal was to integrate the already existing Horizon environment into the solution."
As part of a limited proof of concept (PoC), the customer selected 15 employees from different application areas, for whom comdivision rolled out Carbon Black in a targeted manner.
"Our biggest concerns were the remote deployment capabilities because due to the pandemic, it was impossible to 'collect' the devices," the CISO said. Paschek added, "We provided the necessary access or download data to the employees and remotely supported the implementation via Zoom."
After a training period of approximately five days, false-positive alerts, particularly those triggered by some older applications, had been reduced.
About two weeks later, when an auditor connected his notebook to a local Wi-Fi network at an end customer's site, something unexpected happened: Carbon Black raised an alarm. Some of the transferred files were classified as potentially dangerous. A remote forensic analysis, conducted directly with the comdivision team, identified malware in the data. It turned out that the end customer had already been compromised but was unaware of it. The attackers who had infiltrated the network had long since gained access to the Wi-Fi authorization system and were attempting to compromise every newly connected device. Thanks to the new antivirus system and the behavior-based EDR solution, the customer was able to react immediately and prevent further serious consequences.
The customer's CISO said: "We would probably have been affected by this attack ourselves, as the analysis showed that the attack method was not recognized by the classic antivirus. Carbon Black justifiably classified the behavior as problematic and reacted."