Last updated at Wed, 26 Jul 2023 21:05:14 GMT

Every Managed Services organization claims they have the expertise and technology to effectively detect and respond to threats. But can they prove it?

Assessing these services and how they’d perform in a real-world scenario just got easier with results from the first ever MITRE ATT&CK Evaluations for Managed Services.

Rapid7 MDR was excited to participate in this inaugural evaluation, along with 16 other Managed Service providers. We battle adversaries on behalf of our customers every single day, but most of that work goes unseen. This evaluation was an opportunity to show a wider audience the early detection, accelerated action, and deep partnership engagement that Rapid7's MDR solution delivers to customers across the globe every day.


The results speak for themselves.

Rapid7 reported malicious activity across all 10 ATT&CK evaluation steps

Rapid7 MDR reported 63 of the 74 total attacker ‘techniques’ within these steps, accurately describing the full scope and impact of the breach while maintaining the strong signal-to-noise ratio that everyone expects of Rapid7.

This evaluation offers visibility into a real-world engagement with Rapid7. What our team delivered to MITRE Engenuity wasn’t ‘special’ treatment, but rather a demonstration of the resources, experience, and technology we bring to bear for all customers as part of the unlimited incident response services included with Rapid7 MDR.

Here are the other highlights:

Reliable, early detection: we stopped OilRig (a.k.a. APT34) at the starting line

The attack began in a familiar way: a phishing email was used to drop a malicious payload and establish persistence on the workstation of an unsuspecting user. With a foothold in the environment, the attacker performed discovery actions and dumped user credentials, before moving laterally across the organization and eventually collecting and exfiltrating sensitive data.

Rapid7 MDR identified the very first step in the attack, notifying MITRE about the download and execution of the initial malicious payload and providing recommended actions to contain the threat. Had this been a ‘real world’ customer incident, the attack would have stopped here.

Full coverage across the entire kill chain

As the attack continued, our team went on to identify and report to MITRE Engenuity all major steps of the compromise – from discovery and credential dumping to Web shell installation, data staging, data exfiltration, and cleanup.

Reliable, actionable reporting

The evaluation also highlights the comprehensive reporting, strong communication, detailed timelines, and deep forensic investigation that Rapid7 MDR customers receive. At the conclusion of the engagement, we delivered a comprehensive 40-page incident report describing in detail the full scope and impact of the breach and attributed the activity to APT group OilRig, an Iran-linked hacking group known to target critical infrastructure.

MDR left the environment better than we found it

While containment was out of scope for this evaluation, you’ll see that Rapid7 provided detailed response and mitigation recommendations along the way. While other Managed Services put work back on the customer to figure out how to resolve incidents and harden their security to prevent similar incidents in the future, Rapid7 provides this guidance and partners with customers to ensure these recommendations are implemented. We provide an end-to-end detection and response program.

Finally, what the MITRE ATT&CK Evaluation won’t tell you

What’s reported out here is just a slice of what’s possible with Rapid7 MDR.

While this evaluation was largely endpoint-focused, our customers get complete coverage: endpoints, network, users, cloud, and more. As the attack surface grows in complexity, you need a true MDR partner that scales with your business, drives end-to-end outcomes, stays ahead of the most advanced attacks, and works as a seamless extension of your team.

Our many differences, including integrated DFIR, add up.

To learn more about our evaluation results, join our webcast.