Case Study
In brief
Agricultural company
Agribusiness
US-based with global operations
10,000 employees
A U.S.-based agricultural company wanted to leverage unused Retainer credits to proactively improve its cybersecurity program.
Recent research1 shows that modern attack surfaces are dynamic. Without clear visibility that’s constantly updated, it’s all too easy to have persistent exposures and unmanaged assets.
The organization needed help to understand its attack surface risk, both on-premises and in the cloud, and wanted actionable recommendations for how to remediate vulnerabilities before they could be exploited.
CHALLENGE
While businesses may believe they know about all their internet-facing assets, research2 indicates that many organizations have an assortment of vulnerable assets that aren’t currently identified and secured by their in-house security team.
These assets may include sensitive data in unknown locations, websites with a direct or indirect path to the organization, user credentials that may be misconfigured, and previously used SaaS applications that are no longer in use.
Though the agricultural company’s cybersecurity program was more advanced than many organizations in its industry, it needed additional expertise to analyze its exposed attack surface risk.
1. Palo Alto Networks, 2022 Cortex Xpanse Attack Surface Threat Report.
2. ESG Research Report, Security Hygiene and Posture Management, January 2022
SOLUTION
Unit 42 provided the outside expertise the client required. Intelligence-driven and response-ready, Unit 42 brings together industry-leading threat intelligence, incident response, and cyber risk expertise backed by Palo Alto Networks technology.
The client had a Unit 42 Retainer, which allows the purchase of prepaid credits that fit the client’s budget and cybersecurity needs. Though a Retainer puts incident response help on speed-dial in case of a cybersecurity incident, using credits for proactive services enables an organization to be more prepared and reduces the risk of an attack.
An attack surface management (ASM) program is a best practice to provide a complete and accurate inventory of an organization’s internet-facing assets so it can mitigate associated security issues. Using its Retainer credits, the client made Unit 42 its strategic partner to perform an Attack Surface Assessment (ASA).
The Unit 42 ASA helped manage exposure, reduce risk, and improve the client’s security posture by understanding its external attack surface through the eyes of an attacker, so the client could remediate issues before they could be exploited. This point-in-time assessment gave the client visibility into all of its internet-facing assets that a threat actor might find and attack, regardless of whether they reside on-premises or in the cloud.
From the ASA insights, Unit 42 experts developed a comprehensive understanding of the client’s environment. For example, Unit 42 discovered vulnerable systems of which the client was unaware, including a SharePoint server exposed to the internet that often contains sensitive files. The ASA also highlighted vulnerable services like HTTPS, WordPress, and Internet Information Services (IIS) due to exploits being easily available. In addition, Unit 42 discovered and verified a number of sites with insecure logins, effectively providing an open door to the organization.
Based on its findings, Unit 42 provided the client prioritized recommendations to reduce its attack surface risk and better defend the organization.
BENEFITS
Unit 42 analyzed attack surface data through the lens of Unit 42 Threat Intelligence and expertise to focus the client’s risk reduction efforts on the threats mostly likely to target its specific industry and location.
The ASA also taught the client how its security team could apply Unit 42 Threat Intelligence to learn more about threats, using the Unit 42 Actionable Threat Objects and Mitigations (ATOMs) webpage. ATOMs allow the viewer to filter by threat, industry, and region to better understand threat actors, ransomware, and other attack campaigns that are targeting organizations like theirs.
Understanding this prioritization of what threats are likely to impact organizations in their industry and geography is an important benefit Unit 42 Researchers provide. Many organizations don’t have the time or expertise to gather and apply this threat intelligence on their own.
The Unit 42 engagement provided documentation of issues identified in the ASA. This report included a detailed threat profile based on the client’s industry and a summary of findings and observations, calling out critical and high-priority issues.
By partnering with Unit 42 experts, the client is better positioned to protect its assets and its customers. The client’s security team now has expanded skills, enabling them to better apply attack surface data to their environment and specific security concerns while managing their attack surface on an ongoing basis. The security team’s satisfaction with this opportunity to uplevel their skills was important in an economic environment where hiring and retaining cybersecurity talent is a challenge.
Unit 42 helps clients make better use of the data from their existing tools by enriching the data with insights and threat intelligence. Unit 42 has an extensively documented investigation process that its experts are continuously updating to ensure consistent and thorough results for the client.
The Unit 42 assessment helped the client understand what’s important and why, validating that its security program is well-established and relatively mature. In addition, working with Unit 42 experts provided opportunities for the client’s security analysts to learn from experts and improve their attack surface management skills.
The client was enlightened about its vulnerabilities and appreciated receiving the expert advice and granular documentation on how to prioritize vulnerability remediation and effectively reduce its attack surface. “We’ve got some work to do,” the client acknowledged, “and now we know what we need to do. We’ll move forward on the priorities you’ve identified for us.”
Today, the client is better equipped to strengthen its security posture and respond to potential security incidents. The Unit 42 engagement increased the client’s confidence in Palo Alto Networks and its capabilities, resources, and solutions.
About the Unit 42 Retainer
The clock starts immediately when you’ve identified a potential breach. But if you can’t determine the root cause and contain the breach right away, your adversary will be back in no time. With a Unit 42 Retainer in place, you eliminate the unnecessary delays of negotiating costs and terms or scrambling to find help when time is of the essence. Instead, you will engage with an assigned point of contact at Unit 42—someone with an intimate understanding of your infrastructure, existing playbooks, and team—who can quickly support you.
Our Retainers are structured to help you become more resilient through proactive services. You can allocate credits towards Unit 42 Cyber Risk Management Services, such as the Attack Surface Assessment. And with a Unit 42 Retainer, our experts become an extension of your team—well-versed in your environment so we can respond quickly and accurately should an incident occur. Put us on speed dial, and we’ll be ready to assist at a moment’s notice.
About Unit 42
Palo Alto Networks Unit 42™ brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against real-world threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time so that you get back to business faster.
Visit paloaltonetworks.com/unit42.
Under attack?