Going Beyond the Virus – A Story of Proactive Intervention
For years, Envision’s Ground Control team of managed services specialists has been implementing strategic monitoring and management services across hundreds of environments. While identifying and patching issues is one of Ground Control’s major responsibilities, it’s just one small piece of the puzzle.
From a larger perspective, the team works proactively to ensure that our clients have the best tools in place to anticipate and eliminate threats before they can interrupt workflows. The following case study serves to highlight just one instance in which our Ground Control team went above and beyond to protect a client from a potentially devastating cyber incident.
Editor’s Note: To respect and protect the integrity of the client who is the main subject of this story, their name will remain anonymous. They will be referred to as “Company X” within the context of this narrative. We offer the following information solely for the purpose of highlighting the work of Envision’s Ground Control team and their continued dedication to helping customers create and maintain more secure digital environments.
A Familiar Case of Misconduct
This story begins with an all-too-familiar scenario: an employee engaging in extended personal use of a computer at work. Using a computer supplied by your workplace for online shopping, search engine queries, or entertainment purposes can put that computer, and your entire workplace, right in the path of destructive viruses and other cyber threats. Whether it’s clicking on a nefarious link, installing a foreign application, or, as in this scenario, downloading some other external content to the server, using a work computer for personal objectives can be risky.
The Ground Control team at Envision first became aware of an issue at Company X through an alert in the managed anti-virus software they had previously deployed on the machine. Using managed endpoint software, a Ground Control engineer remotely accessed the tagged computer to further investigate this alert. Not only had the computer in question been infected by a Trojan virus, but a slew of data-rich files originating from outside the company had also been downloaded to the desktop. After some digging, the engineer uncovered the source of the nefarious action: the employee at Company X was using the computer to sift through data originating from an outside source.
What is a Trojan Virus, and What is it Capable Of?
A Trojan virus, commonly referred to as a “Trojan Horse”, is a type of malware that poses as a bona fide application or file to trick the user. Trojans are typically used to steal, damage, or disrupt data within your environment.
In perhaps the worst-case scenario for Company X, the virus infecting the computer could have been a Backdoor Trojan. This specific breed of Trojan gives a potentially malicious user complete control over a computer. With this uninhibited access, a hacker could have deployed items across Company X’s network using stolen administrator credentials, subsequently wreaking havoc on the network by encrypting files, deleting data, and potentially causing immense amounts of downtime for Company X. If the Ground Control team had not intervened when they did, Company X could have incurred significant operational, financial, and reputational damage.
An Effort to Remediate
After the virus had been detected, Ground Control eliminated the threat by removing the infection and foreign data from the computer, restoring the computer to its original state (before the employee began downloading the files that led to the corruption). The Ground Control team also advised management at Company X to provide the offending employee with additional training on security best practices. Oftentimes, employees engage in risky activities because they do not know any better. Employee training is a key component in a secure environment. After all, the more familiar an employee base is with the do’s and don’ts of computer usage at work, the less likely the company is to experience downtime and other interruptions.
Monitoring is one of the most basic services Envision’s Ground Control team offers, but real value is derived when a managed service provider does more than simply monitor your environment and send alerts. In this situation, Envision’s Ground Control experts went far beyond basic monitoring of the client’s environment. Not only was the Envision engineer able to spot and remove the virus, but they also dug deeper into the issue to uncover the root of the problem: the employee’s misuse of computer privileges. Together, Company X and Ground Control were able to develop a plan to avoid similar cyber threats further down the road. Though the impact of the employee’s behavior turned out to be very minor, the situation could have evolved into a much more complex and harmful issue if Ground Control hadn’t stepped in quickly. By proactively and strategically managing the client’s environment, Envision was able to stop a potentially devastating virus in its tracks before it had the chance to cause significant damage.
Have Questions or Concerns? We Can Help.
Did this story remind you of a similar incident in your organization, or did it spark some questions about the security measures you currently have in place? If so, Envision’s Ground Control team can help. We believe Managed Services should not be “one size fits all”, and we can strategize with you to develop a management solution that fits your organization’s unique needs. For more information on Envision’s Ground Control Managed Services offerings, visit www.envisionsuccess.net/integrated-services/ground-control or give us a call at (401) 272-6688.