
Project Overview: DFIR & VA
Industry Segment: Finance

Digital Forensics & Incident Response + Vulnerability Assessment

Problem Statement:
The customer suffered 3 targeted ransomware attacks in Q4 2021. Despite having one of the leading endpoint protection solutions, they were unable to prevent those attacks from encrypting their data. The customer also had no visibility over their shadow IT.
9Tek was engaged for DFIR during the third ransomware attack.

9Tek Solution

During the DFIR engagement, 9Tek observed that no penetration testing had ever been performed on the customer’s infrastructure. It was also discovered that there was no centralized platform for log management. The security events generated were not viewed by anyone due to a lack of skilled IT staff.
The forensic findings revealed an unpatched IIS vulnerability which was being exploited by the attacker. The forensics team also found the attacker’s persistent backdoor on one of the domain controllers.
9Tek first performed internal and external penetration testing, followed by a compromise assessment. CIS benchmarking was also performed to set a hardening baseline for servers. Once the infrastructure was hardened, 9Tek deployed Azure Sentinel SIEM and initiated 24×7 SOC monitoring of the customer’s infrastructure.
The 9Tek SOC team now manages the customer’s SIEM and provides 24/7 security monitoring and incident response services to the customer.