INTRODUCTION
A large automotive manufacturer needed to strengthen its defenses following a business email compromise event that exposed key gaps in their incident response plan. They turned to the Unit 42® team for in-depth incident response planning customized to their environment and ongoing IR retainer services.
CHALLENGE
Rev up incident response (IR) following an attack
After recovering from a business email compromise (BEC), a global automotive manufacturer realized they needed to
shore up their defenses and be better prepared should a more significant incident occur. It was a wake-up call—the
incident response effort had exposed key gaps in their IR plan.
While no company wants a cybersecurity event to occur, occasionally the event can serve as a catalyst for the organization to refocus its attention on security and the overall resilience of the company. For this automotive manufacturer, a business email compromise prompted the enterprise to get more proactive about incident response.
While no company wants a cybersecurity event to occur, occasionally the event can serve as a catalyst for the organization to refocus its attention on security and the overall resilience of the company. For this automotive manufacturer, a business email compromise prompted the enterprise to get more proactive about incident response.
REQUIREMENTS
Find a partner to plan and prepare
Post-breach, they wanted to take the lessons learned and better prepare for the next time the plan was put into action.
A key first step was to identify a long-term partner able to help them not only better defend and prepare for future
incidents but be at the ready to assist them every step of the way should an incident occur again.
SOLUTION
Unit 42: A trusted advisor to strengthen IR planning
After interviewing a number of incident response consulting firms, this manufacturer chose the team they had come
to trust during their business email compromise investigation. They called in the Unit 42 experts to assist them in
developing an incident response plan.
The Unit 42 team conducted an in-depth review of the manufacturer’s IT environment, security tools, processes, procedures, and documentation. They identified security gaps as well as incident response plan deficiencies and assisted the company in bolstering its security defenses and building a complete, tailored IR plan to better protect the business. Once the teams were comfortable with the IR plan, Unit 42 tested it through a series of tabletop exercises to better familiarize the teams with the new workstreams and validate that the plan works. The organization viewed the retainer and these proactive services as the beginning of a long-term relationship. This client can rely on Unit 42 to be ready to assist should a future incident occur.
The Unit 42 team conducted an in-depth review of the manufacturer’s IT environment, security tools, processes, procedures, and documentation. They identified security gaps as well as incident response plan deficiencies and assisted the company in bolstering its security defenses and building a complete, tailored IR plan to better protect the business. Once the teams were comfortable with the IR plan, Unit 42 tested it through a series of tabletop exercises to better familiarize the teams with the new workstreams and validate that the plan works. The organization viewed the retainer and these proactive services as the beginning of a long-term relationship. This client can rely on Unit 42 to be ready to assist should a future incident occur.
BENEFITS
A “Go Book” to speed and strengthen IR
Unit 42 created a “Go Book” for the client that provides information for both Unit 42 and the client on key contacts,
processes, and resources, which will help expedite the response to an incident if needed.
A Unit 42 “security advisory group”—including staff from risk management, forensics, leadership, and more— meets with the client team quarterly to perform a security health check, make any needed adjustments or assessments (such as vulnerability scans or penetration testing), ensure the “Go Book” is still up to date, and carry out periodical tabletop exercises.
A Unit 42 “security advisory group”—including staff from risk management, forensics, leadership, and more— meets with the client team quarterly to perform a security health check, make any needed adjustments or assessments (such as vulnerability scans or penetration testing), ensure the “Go Book” is still up to date, and carry out periodical tabletop exercises.
RESULTS
Stronger security with experts at the ready
Thanks to the expertise of the Unit 42 team, this automotive manufacturer is better able to defend against cyberattacks
as well as more quickly and confidently respond to a cybersecurity incident. They now have well-defined, documented,
and regularly updated processes and procedures plus a team of experts on speed dial who can quickly help in containing,
responding, and recovering from cyberattacks.
To learn more about Unit 42, visit paloaltonetworks.com/unit42.
To learn more about Unit 42, visit paloaltonetworks.com/unit42.
Get in touch
If you’d like to learn more about how Unit 42 can help your organization defend against and respond to severe
cyberthreats, visit start.paloaltonetworks.com/contact-unit42 to connect with a team member
Under attack?
If you think you may have been breached or have an urgent matter, please email unit42-investigations@paloaltonetworks.com or call US Toll-Free: 1.866.486.4842 (866.4.UNIT42), EMEA: +31.20.299.3130, and
JAPAC: +65.6983.8730