MixMode’s Head of Sales and Alliances, Geoff Coulehan, shares how MixMode was able to identify critical risk factors coming from inside bad actors that had gone undetected by a large U.S. city’s SIEM and UBA platforms despite their multi-year deployments and their decision to decommission their User Behavior Analytics (UBA) platform.
Within the first 24 hours after deployment, MixMode had enabled the government entity to regain control over the security environment and network data infrastructure. No longer limited to log data analysis, they were able to identify and address real-time threats as well as network and operational configuration challenges.
A large utility company approached MixMode with the following scenario: The enterprise SOC was utilizing a shared SIEM application that was being utilized by several stakeholders: the networking team, the SCADA team, the dev-ops team, the compliance team and cybersecurity teams for “basic search and investigation of log files to meet regulatory compliance requirements”.
After suffering a possible breach, a client approached the team at Nisos for help evaluating the security of their AWS environment. The client was concerned about possible malicious activity on the part of a former employee who had maintained an AWS Identity and Access Management (IAM) account after being separated.
In October, 2019 a MixMode customer experienced an incident where an external entity attacked a web server located in their DMZ, compromised it, and then pivoted internally through the DMZ to attempt access of a customer database. While the attacker was successful in penetrating the customer’s network, MixMode was able to detect the event before they were successful in penetrating the customer database.