Case Studies

Industry: Information technology

Business: IT service provider

Company Size: 20-25

As IT service providers seek to expand business and take on mounting customer security requirements, some are exploring developing cybersecurity programs. Unfortunately, building and staffing a security operations center (SOC) is cost prohibitive and unduly challenging given the current 3.4M global cybersecurity workforce shortage.

Many are moving to collaboratively managed software solutions, like Pillr. Co-managed solutions allow MSPs to meet the 27/7/365 security monitoring needs of their customer base, while developing internal cybersecurity expertise and remaining attentive to costs.

Pillr SOC team response: Security analysts partner to verify event severity

As a part of its always-on security operations practice, Pillr SOC analysts identified an at-risk organization among a partner’s managed customer environments. The customer organization, an international toy company, had been breached via port 3389 through the use of brute force tactics.

Immediately following confirming the connection, the Pillr SOC team contacted the service provider through both email and phone to take on collaborative remediation.

Investigation: Realizing the value of always-on collaboration

Honing in on the event on the platform, the Pillr SOC team uncovered indicators the attacker was attempting to pivot through the network—after gaining access to one machine, they were attempting to move to another. Pillr advised the MSP to take the machine offline, followed by reimaging and resetting user credentials.

Additional research by Pillr threat hunters showed the bad actors had employed known-bad IP addresses and utilized wordlists, inputting multiple usernames until they gained access.

Within 48 hours, the united teams had effectively halted the breach in partnership with the customer’s embedded IT division.

Solution: MSP delivers compelling customer service with the 24/7/365 SOC service and support of Pillr

Within 48 hours, the united teams had effectively halted the breach in partnership with the customer’s embedded IT division. Now, to assess the impact. Using data analysis and investigation tooling on the platform, Pillr security analysts and threat hunters were able to identify the point of weakness in the customer’s system and determine the entry time of the bad actor—even charting their path following entry.

The SOC team then held a postmortem with the MSP, sharing insight into their findings and ensuring the partner was prepared to represent the value they delivered working in tandem with Pillr. To date, it appears no data was exfiltrated as a result of the breach given the close collaboration of Pillr and the MSP.

‍

Industry: Insurance

Business: Insurance brokerage

Company size: 10,000+

Reason for assessment: Regulation required compliance testing

Situation: An employee’s credentials are leaked

Passwords are intended to protect networks—but used incorrectly, they can become a ready key for bad actors. It’s not uncommon for employees to use the same password across third-party sites and workplace access points, making the organization vulnerable to credential stuffing attacks. With this approach, an attacker uses leaked account credentials to access an organization’s appliances, email, or VPN—often gaining access to the entire network.

Read how one insurance firm partnered with Pillr in penetration testing, revealing a previously unknown security risk due to numerous leaked employee credentials.

Pillr assessment: External infrastructure

As part of a routine Pillr security assessment, the team performed a penetration test. The full-spectrum test allowed the team to gain clarity on the environment and situation as they cataloged every potential point of entry for the firm, including Open Source Intelligence (OSINT) reconnaissance.

Solution: Gained access to internal network with leaked credentials

In their assessment, the Pillr team identified a set of employee email credentials that had been leaked on the Darknet—the result of a third-party breach. Using one of these credentials, the team accessed the employee’s desktop via an external Citrix appliance. With a foothold in the internal organization network, they proceeded to hunt for additional vulnerabilities, ultimately gaining domain administrator privileges.

Outcome: Short-term remediation, long-term security strategy

Previous pentesting companies had deemed this insurance firm secure, where Pillr was able to penetrate their internal network and gain access to sensitive information. The final Pillr security assessment documented the firm’s weak entry points, outlined a plan of action to address immediate network vulnerabilities, and provided a long-term strategy to improve the firm’s overall security posture.

‍

Pillr case studies.

Let's connect.

Cybersecurity, supercharged.

Get started.

Pillr case studies.

Let's connect.