Higher Education: Containing a Significant Attack

How did a leading higher education organisation contain a significant attack within 20 minutes? 

A significant breach took place on a Sunday afternoon and was missed by the higher education organisation's existing incident response providers. The attacker's motivation was two-fold: valuable research data, and large volumes of student personal data that can be sold and used for fraud. We worked with the organisation to onboard over 100,000 endpoints in six hours, and within 20 minutes of onboarding one of our SOC analysts used our attack disruption approach to stop the attack from escalating.

What was the key to success? 

This proactive stance was crucial because the organisation's previous SOC was operating in 'passive mode': it received a stream of alerts, many of them false positives, but did no triage that would separate genuine intrusions from noise, so real attacks were lost in the clutter and the response was delayed. Every minute counts once an attacker is inside the estate, and speed of containment is what prevents devastating consequences.

We have since worked with the customer's IT team to deploy surface validation and to raise its Microsoft Secure Score, sharing a dashboard that analyses its main sources of threats.