Case Study

Accelerating security in a fast-paced industry


A large automotive manufacturer needed to strengthen its defenses following a business email compromise event that exposed key gaps in their incident response plan. They turned to the Unit 42 team for in-depth incident response planning customized to their environment and ongoing IR retainer services.


In brief

Customer

The client has requested to remain anonymous due to the sensitive nature of the incident

Services

Unit 42 Security Consulting

Country

United States of America

Industry

Automotive Manufacturing


Challenges

The manufacturer sought to reinforce its defenses after a business email malware exposed security gaps in their incident response (IR) process, coordinate cybersecurity implementation, and build and deploy a cybersecurity program to avoid similar situations in the future.

Requirements
    • Update incident response plan to better prepare for future incidents
    • Retain a long-term partner to help shore up cyber defenses and be available to assist in future incidents
Solution

Utilizing Palo Alto Networks Unit 42, create a cybersecurity strategy with a solid, tailored IR plan to better protect the business, along with a “Go Book” containing contacts, processes, and resources to help expedite the response.

Download PDF Share

CHALLENGE

Rev up incident response (IR) following an attack

After recovering from a business email compromise (BEC), a global automotive manufacturer realized they needed to shore up their defenses and be better prepared should a more significant incident occur. It was a wake-up call—the incident response effort had exposed key gaps in their IR plan.

While no company wants a cybersecurity event to occur, occasionally the event can serve as a catalyst for the organization to refocus its attention on security and the overall resilience of the company. For this automotive manufacturer, a business email compromise prompted the enterprise to get more proactive about incident response.

REQUIREMENTS

Find a partner to plan and prepare

Post-breach, they wanted to take the lessons learned and better prepare for the next time the plan was put into action. A key first step was to identify a long-term partner able to help them not only better defend and prepare for future incidents but be at the ready to assist them every step of the way should an incident occur again.

SOLUTION

Unit 42: A trusted advisor to strengthen IR planning

After interviewing a number of incident response consulting firms, this manufacturer chose the team they had come to trust during their business email compromise investigation. They called in the Unit 42 experts to assist them in developing an incident response plan.

The Unit 42 team conducted an in-depth review of the manufacturer’s IT environment, security tools, processes, procedures, and documentation. They identified security gaps as well as incident response plan deficiencies and assisted the company in bolstering its security defenses and building a complete, tailored IR plan to better protect the business. Once the teams were comfortable with the IR plan, Unit 42 tested it through a series of tabletop exercises to better familiarize the teams with the new workstreams and validate that the plan works. The organization viewed the retainer and these proactive services as the beginning of a long-term relationship. This client can rely on Unit 42 to be ready to assist should a future incident occur.

BENEFITS

A “Go Book” to speed and strengthen IR

Unit 42 created a “Go Book” for the client that provides information for both Unit 42 and the client on key contacts, processes, and resources, which will help expedite the response to an incident if needed.

A Unit 42 “security advisory group”—including staff from risk management, forensics, leadership, and more— meets with the client team quarterly to perform a security health check, make any needed adjustments or assessments (such as vulnerability scans or penetration testing), ensure the “Go Book” is still up to date, and carry out periodical tabletop exercises.

RESULTS

Stronger security with experts at the ready

Thanks to the expertise of the Unit 42 team, this automotive manufacturer is better able to defend against cyberattacks as well as more quickly and confidently respond to a cybersecurity incident. They now have well-defined, documented, and regularly updated processes and procedures plus a team of experts on speed dial who can quickly help in containing, responding, and recovering from cyberattacks.

To learn more about Unit 42, visit paloaltonetworks.com/unit42.

Get in touch

If you’d like to learn more about how Unit 42 can help your organization defend against and respond to severe cyberthreats, visit start.paloaltonetworks.com/contact-unit42 to connect with a team member

Under attack?

If you think you may have been breached or have an urgent matter, please email unit42-investigations@ paloaltonetworks.com or call US Toll-Free: 1.866.486.4842 (866.4.UNIT42), EMEA: +31.20.299.3130, and JAPAC: +65.6983.8730