One School District was seeing odd behavior within its data center and understood it had a security incident on its hands. It appeared that malware had affected its systems. While the District was able to do some preliminary work on investigating and halting the malware, it kept morphing and spreading inside certain parts of the network. Eventually the magnitude of the problem became apparent, and the District knew it needed help.
We flew top security engineers to the School District to help identify the malware. Using Cisco’s Advanced Malware Protection (AMP) for Endpoints, along with a number of other Cisco tools coupled with some open-source toolsets, we gained better insight into the traffic on the District’s network, and with it the heart of the problem. It turned out that the malware was a known exploit seeking financial and other personal data. Fortunately, we found that the malware had not exposed any sensitive information.
Using the tools we had available, we were able to identify “patient zero” and understand how and when the malware spread across endpoints. From there, we were able to begin cleansing the District’s network and data center.
Together with the School District’s IT team, we developed ironclad rule sets and policies for the AMP software to ensure stronger security going forward. We then deployed those rule sets to the high-value assets in the School District’s environment.
After the immediate problem was solved, it was time to address the state of the District’s security as a whole. We helped them configure all of their new security solutions to meet their current needs, recommended enabling two-factor authentication, and advised on how best to keep up with critical security patches.
We also trained District IT staff on visibility and control platforms, general security awareness, and how to prioritize security projects. As a result, the District is now able to ensure the safety of its faculty, employee, and student data.