A Fortune 500 medical technology firm was looking to reduce the risk associated with acquired entities during acquisition integration.
To deploy and enable protection on all servers
Admin and service accounts removed
Risk reduction with no added FTE
The security group at the global MedTech firm had two key initiatives underway. First, as the firm had recently made a number of strategic acquisitions, a major transformation was underway to merge the IT infrastructure of the acquired entities. This included the merging of Active Directory domains. Second, the "red team" within the security group was performing due diligence on the acquired entities to understand their risk posture before absorbing their infrastructure.
Red team performed their assessment and indicated elevated risk levels within the acquired entities. They also successfully demonstrated hijacking local administrator accounts for lateral movement purposes. This implied absorbing Active Directory domains with higher risk would have increased the overall risk posture of the firm.
The security group was tasked with solving this issue with (1) no program in place to address privileged access, (2) no additional available FTE capacity and (3) no appetite for agent based technologies. End users at the firm were already experiencing "agent fatigue" because their current Endpoint Management and Antivirus technologies had demonstrably degraded performance.
Finally, the integration completion dates were committed to investors so the team had to reduce risk without slowing down the integration or upsetting users.
“Our red team was able to acquire a normal user account, log into a system, then elevate the access of the account in such a way to continue escalating privileges and then move laterally wherever they wanted to go. From local admin to domain admin, they could do whatever they wanted. That is what we are hoping to stop. We want to reduce that footprint where attackers can get a foothold and able to move laterally.”
Lead Security Analyst
Remediant took a four step approach to addressing the firm's key issues in a timely fashion:
Remediant initiates deployment
Management console deployed and all in scope endpoints successfully scanned
All Servers in protect mode - Service accounts and nested access were a major challenge.
Hypercare to add non-ADM accounts to groups and persist unidentified service accounts.
The security group's ability to use Remediant to reduce risk without delaying the firm's integration milestones or without impacting user experience made all the difference. Remediant's track record with rapid deployments and agentless approach made this possible. Specifically, the security group called out the following four capabilities: