Extensive telemetry and intelligence for accelerated investigation and remediation.
Search
Unit 42 Secures Medical Device Manufacturer After Network Breach
The Incident Response team quickly contained the breach, identified vulnerabilities, and implemented robust security measures.
Results
1day
To identify internet-exposed services and attack vectors via Cortex Xpanse®
2days
To mitigate command and control (C2) activity and identify risky security policies using AIOps across 500 NGFWs
2days
To identify harvested credentials and initiate hardening
The Client
Global medical device and equipment manufacturer
The Challenge
The client experienced a network intrusion related to a VPN vulnerability. Initial activity was detected due to brute-force attacks exploiting known vulnerabilities. Unit 42® was engaged to augment the client’s threat hunting and incident response efforts and help:
- Identify impacted areas and additional compromises within their network.
- Understand the scope of intrusion and implement containment measures.
- Build remediation and recovery plans.
Unit 42’s Rigorous Incident Response Approach for Superior Outcomes
Assess
The initial assessment revealed an unpatched vulnerability in the client’s VPN, leading to the discovery of a significant breach within the network.
Investigate
Unit 42 found compromised domain controllers and, using Cortex Xpanse, identified exposed risks and additional security gaps.
Secure
Unit 42 advised immediate password resets, systems to be quarantined, VPN migration, and bolstered perimeter defenses with NGFWs.
Recover
Restored compromised systems using known good configurations and conducted extensive vulnerability assessments.
Transform
Enhanced security via tech hardening, reducing attack surfaces, and improving policies, procedures, and personnel.
“We've used other companies in the past. This is probably my 400+ incident response. Honestly, the Unit 42 team is the best of the best.”
VP, Global Security
Assess
Investigate
Secure
Recover
Transform
Scroll right
Resolution Timeline
Assess
Investigate
Secure
Recover
Transform
Days 0 - 2
Crisis Intervention
Crisis Intervention
Initial assessment revealed evidence of a threat actor conducting remote code execution and access.
Identified multiple domain controllers that were compromised and domain admin credentials had been extracted.
Began credential reset on all impacted users, quarantined affected endpoints, and blocked C2 traffic using NGFW policies.
Days 3 - 5
Remediation
Remediation
Utilized Cortex Xpanse to uncover additional security gaps, including numerous out-of-date VPNs and unmonitored RDP access points.
Began restoring compromised systems to known good configurations and conducted extensive vulnerability assessments.
Days 6 - 8
Restoration
Restoration
Deployed additional Next-Generation Firewalls to enhance perimeter defenses.
Provided continuous guidance to ensure all measures were correctly implemented and effective.
Shared best practices for using AIOps on client’s NGFWs for better network hygiene and visibility.
Threat-informed Incident Response
With Unit 42 Incident Response, stay ahead of threats and out of the news. Investigate, contain, and recover from incidents faster and emerge stronger than ever, backed by the full power of the world’s leading cybersecurity company. Contact us to gain peace of mind.
Backed by the Industry’s Best
![Threat Intel logo icon]()
Threat Intel![Technology icon]()
TechnologyPalo Alto Networks platform for in-depth visibility to find, contain, and eliminate threats faster, with limited disruption.
![Experience symbol]()
ExperienceTrusted experts who mobilize quickly and act decisively in over 1K incidents per year.
Get the latest news, invites to events, and threat alerts
Products and Services
- AI-Powered Network Security Platform
- Secure AI by Design
- Prisma AIRS
- AI Access Security
- Cloud Delivered Security Services
- Advanced Threat Prevention
- Advanced URL Filtering
- Advanced WildFire
- Advanced DNS Security
- Enterprise Data Loss Prevention
- Enterprise IoT Security
- Medical IoT Security
- Industrial OT Security
- SaaS Security
- Next-Generation Firewalls
- Hardware Firewalls
- Software Firewalls
- Strata Cloud Manager
- SD-WAN for NGFW
- PAN-OS
- Panorama
- Secure Access Service Edge
- Prisma SASE
- Application Acceleration
- Autonomous Digital Experience Management
- Enterprise DLP
- Prisma Access
- Prisma Browser
- Prisma SD-WAN
- Remote Browser Isolation
- SaaS Security
- AI-Driven Security Operations Platform
- Cloud Security
- Cortex Cloud
- Application Security
- Cloud Posture Security
- Cloud Runtime Security
- Prisma Cloud
- AI-Driven SOC
- Cortex XSIAM
- Cortex XDR
- Cortex XSOAR
- Cortex Xpanse
- Unit 42 Managed Detection & Response
- Managed XSIAM
- Next-Generation Identity Security
- Privileged Access Management
- Identity and Access Management
- Endpoint Privilege Manager
- Identity Governance
- Workforce Password Management
- Agentic Identities
- Secrets Management
- Unified Secrets Governance
- Application Credentials Delivery
- Vendor Privileged Access
- Threat Intel and Incident Response Services
- Proactive Assessments
- Incident Response
- Transform Your Security Strategy
- Discover Threat Intelligence
Company