REMEDIANT IS NOW PART OF NETWRIX  READ PRESS RELEASE

Blog
Get a Demo
  • There are no suggestions because the search field is empty.
Contact Us
Get a Demo

Customer Stories

    Use Cases

     

    Watch this video to learn about Zero Standing Privilege (2:08)
    Blog
    Get a Demo
    • There are no suggestions because the search field is empty.
    Contact Us
    Get a Demo

    Customer Stories

    Use Cases

     

    Watch this video to learn about Zero Standing Privilege (2:08)
    Menu
    Contact Us
    Blog
    Get a Demo
    • There are no suggestions because the search field is empty.
    act-sample-bg33.jpg
    Medtech Logo

    Enterprise deployment over a weekend

    Reduced footprint for lateral movement / attack spread for 6,000 servers 

    At a Glance

    A Fortune 500 medical technology firm was looking to reduce the risk associated with acquired entities during acquisition integration.

    5.5 hours

    To deploy and enable protection on all servers

    1.5M

    Admin and service accounts removed 

    99%

    Risk reduction with no added FTE

    Before Remediant

    The security group at the global MedTech firm had two key initiatives underway. First, as the firm had recently made a number of strategic acquisitions, a major transformation was underway to merge the IT infrastructure of the acquired entities. This included the merging of Active Directory domains. Second, the "red team" within the security group was performing due diligence on the acquired entities to understand their risk posture before absorbing their infrastructure.

    • Executed with existing resources
    • No formal PAM program or tool
    • No appetite for agents – Multiple agents already degrading performance
    MedTech Background

    The Problem

    Red team performed their assessment and indicated elevated risk levels within the acquired entities. They also successfully demonstrated hijacking local administrator accounts for lateral movement purposes. This implied absorbing Active Directory domains with higher risk would have increased the overall risk posture of the firm.

    The security group was tasked with solving this issue with (1) no program in place to address privileged access, (2) no additional available FTE capacity and (3) no appetite for agent based technologies. End users at the firm were already experiencing "agent fatigue" because their current Endpoint Management and Antivirus technologies had demonstrably degraded performance.

    Finally, the integration completion dates were committed to investors so the team had to reduce risk without slowing down the integration or upsetting users.

    “Our red team was able to acquire a normal user account, log into a system, then elevate the access of the account in such a way to continue escalating privileges and then move laterally wherever they wanted to go. From local admin to domain admin, they could do whatever they wanted. That is what we are hoping to stop. We want to reduce that footprint where attackers can get a foothold and able to move laterally.”

    user-white

    Lead Security Analyst
    MedTech

    Accelerating with Remediant

    Remediant took a four step approach to addressing the firm's key issues in a timely fashion:

    • Deploy (1 hour): Remediant SecureONE requires no agents on endpoints. The management console was shipped and deployed as a single virtual machine.
    • Scan (2 hours, 5,500 servers): A targeted scan of the potentially compromised network was conducted to surface the standing administrator access identified by the red team. These accounts could be potentially compromised for island hopping, counter IR or ransomware infection. Remediant discovered 1.5M human and 6.2K service accounts with admin rights exposure
    • Protect (3.5 hours, 1.5 million admin access records removed): SecureONE "Protect mode" was turned on to remove all standing access with the exception of critical path machine accounts that were marked "persistent" and monitored for login attempts with MFA. Remediant reduced the risk exposure by 99% removing 1.5 million admin access records
    • Hypercare mode (ongoing): Transitioned to “hyper-care” mode to evaluate and add back non-administrator accounts and unclaimed service accounts

    Enterprise Roll-out Over a Weekend
    one
    Friday 6:00 PM

    Roll-out Start 

    Remediant initiates deployment

    two
    Friday 8:30 PM

    Install & Scan Complete

    Management console deployed and all in scope endpoints successfully scanned

    three
    Friday 11:30 PM

    Protect Mode Complete

    All Servers in protect mode - Service accounts and nested access were a major challenge.

    four
    Sunday

    Hypercare Period

    Hypercare to add non-ADM accounts to groups and persist unidentified service accounts.

    What made the difference?

    The security group's ability to use Remediant to reduce risk without delaying the firm's integration milestones or without impacting user experience made all the difference. Remediant's track record with rapid deployments and agentless approach made this possible. Specifically, the security group called out the following four capabilities:

    • Rapid roll-out of protect mode (<6 hours)
    • Defined IR playbook with QuickStart & pre-built VM
    • Use of “freeze” mode for non-ADM and service accounts during hyper-care period
    • Agentless deployment implied no LOB disruption
    SecureONE

    Get a demonstration of Remediant SecureONE today!
    See first hand how to stop lateral movement & prevent ransomware attacks by removing 24x7 admin access.
    Schedule Your Demo Today

    More

    Customers →
    Customers

    Read

    Use Cases →
    Use Cases

    Browse

    Resources →
    Resources