During the DFIR engagement, 9Tek observed that no penetration testing had ever been performed on the Customer's infrastructure. It was also discovered that there was no centralized platform for log management: the security events being generated were not reviewed by anyone, due to a lack of skilled IT staff.
The forensic findings revealed an unpatched IIS vulnerability that was being exploited by the attacker. The forensics team also found the attacker's persistent backdoor on one of the domain controllers.
9Tek first performed internal and external penetration testing, followed by a compromise assessment. CIS benchmarking was also performed to set a hardening baseline for the servers. Once the infrastructure was hardened, 9Tek deployed Azure Sentinel SIEM and initiated 24/7 SOC monitoring of the Customer's infrastructure.
The 9Tek SOC team now manages the Customer's SIEM, alongside providing 24/7 security monitoring and incident response services to the Customer.