Go behind the scenes and hear Wade Woolwine, director of managed services at Rapid7, discuss how the MDR team responded to a breach in a customer environment that continued through the night and into the following day.
To learn more about the MDR service at Rapid7 and how the SOC team works together, watch the service overview.
Just last night, we had a breach in a customer environment. It started around 5:00 pm and we worked the incident until about 3:00 in the morning, took a couple hours of nap because our customers needed a little bit of a break, and then started again at 5:00 in the morning.
It was a significant event from a time investment and IT challenge perspective. This wasn't a targeted threat. This was a worm that had gotten into their environment, and spread to several hundred machines very, very quickly. The work that we did in the last 12 to 18 hours was really around being able to do the analysis of the threat, identify the indicators of compromise, put those into a scoping methodology to help our customer identify the 100 plus systems that were affected by this particular malware variant.
It didn't just stop there. We were with them, holding their hand throughout the entire remediation process, helping them identify how to remediate the compromised systems without having to pave and replace, helping them manage their network indicator rules, their network firewall blocks, as well as being there for moral support. At the end of the day, regardless of whether it's a targeted breach or a nuisance breach, the tensions are high and it's really important to have a team that is level-headed to help our customers make the right decisions, to help them communicate to their executives, and ultimately to set the path for threat mitigation.