Advanced threat detection and analytics
After the high-profile cyberattack on SolarWinds became public, the IT team for this leading U.S. medical university raced to determine whether it had been exposed to the threat. The university had already been working with OpenText to update its risk and compliance policies, so it reengaged its trusted partner to help assess its exposure to the SolarWinds malware threat.
OpenText Security Services combines extensive experience with leading technologies to offer clients coverage across threat hunting, digital forensics, incident response, risk and compliance, and managed security services. By performing a threat hunt on the university’s systems, OpenText and the university quickly identified and addressed security exposures.
Following the swift remediation of its vulnerabilities, the university took the proactive step of adding an extra layer of security with OpenText™ Managed Extended Detection and Response (MxDR) for continuous systems monitoring. The MxDR service is built on a fully remote, cloud-based virtual security operations center (SOC) supported by machine learning and behavior-based detection rules aligned to the tactics, techniques and procedures (TTPs) of the MITRE ATT&CK® framework.
The university now benefits from intelligence-based detection of the latest threats, delivering mean-time-to-detection (MTTD) measured in minutes and a 99 percent detection rate. When needed, the university can call on OpenText MxDR experts to conduct in-depth investigations to identify the root cause, impact to the organization and intent of breaches, ensuring the fastest path to remediation.
A few weeks after implementation, another malware threat surfaced that put the university’s new defenses to the test. Using the OpenText™ EnCase™ Forensic solution to take a forensic image of the affected machine, OpenText Security Services performed forensic analysis and provided a full incident response service.
A spokesperson for the university said, “Within a matter of hours, OpenText Security Services identified all the actions that the threat actor had run on the system, detected all the malicious content and provided a full scope of the sequence of events that occurred on the system.”