How At-Bay MDR Quickly Resolved a False Positive Credential Alert
At-Bay Stance MDR team identifies and contains apparent credential harvesting in 15 minutes
The At-Bay MDR team worked with the client to establish that the alert was a false alarm, then restored the client to normal business operations with minimal interruption.
The Client
- Industry: Educational non-profit
- Revenue: $5M – $25M
- Size: 20 – 100 employees
- Attack Type: Credential dumping alert (potential credential theft), dispositioned as a false positive
The Situation
CrowdStrike Falcon, an EDR platform deployed by At-Bay’s Managed Detection and Response (MDR) team, detected unusual activity on a client’s public server. An At-Bay Security analyst observed that the activity looked like an attempt to steal IT administrator credentials. This behavior is typical of an attacker trying to break into a network, often as a precursor to launching a ransomware attack or stealing company data.
Remediation Process
Believing this behavior was the initial stage of an attack, At-Bay’s security analyst isolated the server from the company’s network within 5 minutes of detection. The analyst then called the client to explain what he had detected.
The client confirmed that a contracted developer had been asked to transfer credentials from an old server to a new one. Even though the activity looked suspicious, the developer had permission to access the credentials. After a short phone call, At-Bay’s security analyst confirmed everything was fine and restored the server to the network. The entire process, from the initial alert to resolving the issue, took just 15 minutes*.
The Result
Although the alert was a false alarm, the client was pleased that At-Bay’s MDR team acted to contain the issue. Even best-in-class security software can struggle to consistently tell the difference between harmless and harmful behavior in IT systems. By involving experts to handle remediation, At-Bay responded to the threat, quickly communicated with the client, and, once the analyst confirmed the activity was legitimate, restored the server to keep the client’s business moving.
At-Bay Stance Managed Detection and Response
At-Bay Stance MDR protects your organization against modern threats like ransomware, financial fraud, phishing, and identity-based attacks with comprehensive endpoint, cloud, email, and identity security solutions.
At-Bay’s MDR experts help businesses stay secure and reduce cyber risk at a fraction of the cost and hassle of hiring an in-house team. The service provides a layer of protection many businesses typically can’t afford, securing endpoints, email, identity, and cloud at an accessible price.
*Response timelines differ. Past results do not guarantee future outcomes. This content is provided for information purposes only and is not intended to define any Policy commitment. No warranty is given or liability accepted regarding this information.
At-Bay Stance MDR is provided by At-Bay Security, LLC (“At-Bay Security”), and available to eligible businesses with or without an insurance policy placed through At-Bay Insurance Services, LLC. At-Bay Security, LLC is a wholly owned subsidiary of At-Bay, Inc., providing cybersecurity services including MDR and incident response. At-Bay Security, LLC does not provide insurance services.