U.S. medical university

Advanced threat detection and analytics

After the high-profile cyberattack on SolarWinds became public, the IT team for this leading U.S. medical university raced to determine whether it had been exposed to the threat. The university had already been working with OpenText to update its risk and compliance policies, so it reengaged its trusted partner to help assess its exposure to the SolarWinds malware threat.

OpenText Security Services combines extensive experience with leading technologies to offer clients coverage, such as threat hunting, digital forensics, incident response, risk and compliance and managed security services. By performing a threat hunt on the university’s systems, OpenText and the university quickly identified and addressed security exposures.

Following the swift remediation of its vulnerabilities, the university took the proactive step of adding an extra layer of security with OpenText™ Managed Extended Detection and Response (MxDR) for continuous systems monitoring. The MxDR service is built on a fully remote, cloud-based virtual security operations center (SOC) supported by machine learning and MITRE ATT&CK® framework behavior-based detection rules (TTPs).

The university now benefits from intelligence-based detection of the latest threats, delivering mean-time-to-detection (MTTD) measured in minutes and a 99 percent detection rate. When needed, the university can call on OpenText MxDR experts to conduct in-depth investigations to identify the root cause, impact to the organization and intent of breaches, ensuring the fastest path to remediation.

A few weeks after implementation, another malware threat surfaced that put the university’s new defenses to the test. Using the OpenText™ EnCase™ Forensic solution to take a forensic image of the affected machine, the OpenText Security Services performed forensic analysis and provided a full incident response service.

A spokesperson for the university said, “Within a matter of hours, OpenText Security Services identified all the actions that the threat actor had run on the system, detected all the malicious content and provided a full scope of the sequence of events that occurred on the system.”

Detection of threats within minutes

Speed is key when it comes to detecting a cyber breach and preventing further compromise of systems and data. The MxDR service augments the university’s IT team with extensive experience in breach-response investigations and malware analysis, leading to faster, proactive identification and risk remediation. In addition, OpenText cloud-based solutions permit a fully remote service, one that was critical when on-site investigations were difficult during pandemic lockdowns.

“With OpenText MxDR, everything is in the cloud, so it was seamless and efficient for us to use the service. The entire process—the forensic collection and analysis, determining the root cause of a breach, and receiving the report—happens rapidly,” added the spokesperson.

An ounce of prevention

Thanks to its partnership with OpenText Security Services, the university is confident in its ability to quickly identify threats and address them before critical damage is done. By catching breaches early in the cyber kill chain, the university effectively reduces the risk of disruptive ransomware attacks that could jeopardize critical operations.

The spokesperson noted, “In recent threat incidents, OpenText MxDR experts were able to prove that the threat actors didn’t move laterally, did not exfiltrate any data and did not persist. This gave us peace of mind that our environment is secure.”