West Monroe helped the company recover its on-premises infrastructure following various targeted malware and ransomware incidents and then implemented key changes to its Office 365 environment to protect the organization in the future.

The Challenge

Identifying infected machines and stopping future infections 

As a West Monroe team worked with the client to clean up its environment and design future IT infrastructure requirements, it recognized new indicators of compromise. Users were still receiving and clicking on malicious links or attachments in emails, thus infecting more machines. An assessment found that the client’s spam filter was failing to block these emails. Additionally, due to users’ lack of security education, some users were “giving away” their credentials to bad actors through fake Office 365 sign-in pages. 

The Solution 

Next-generation antivirus and Office 365 security best practices 

West Monroe worked with the client to introduce several new solutions and practices that strengthened its security posture. This included implementing Carbon Black along with other best practices to protect end users from the ever-evolving threat landscape. The Carbon Black tool inspects applications and processes running on user machines. It can report or block suspicious or malicious activity based on both global threat intelligence and client-specific configurations. In addition to deploying this tool for preventative purposes, the team used it to identify 10 infected servers and 1,100 infected workstations that required cleaning or decommissioning. The process identified 47 unique malware instances belonging to various families, including IcedID, Nymaim, Kryptik, and GandCrab.

Other steps included:

  • Moving from a third-party mail hygiene solution to Exchange Online Protection with Advanced Threat Protection (ATP), stopping most malicious emails before they ever make it inside the organization.
  • Recommending a phishing testing system to test and educate users on email security.
  • Using Office 365 Conditional Access and MFA to identify specific compromised accounts and infected endpoints. 

The Impact 

Issues resolved; infrastructure strengthened for the future 

With West Monroe’s support, the client now has cleaned and hardened both its server and workstation infrastructure, as well as its Office 365 environment, stopping the spread of malware. 

More importantly, implementation of three key security tools has established a stronger, proactive security posture going forward. With Carbon Black, the company’s IT team can respond in real time to threats on users’ workstations. Office 365 ATP allows the organization to monitor and prevent the latest email-based threats targeting system users. And Office 365 Conditional Access enables the company to block unauthorized logins to users’ mailboxes and monitor such attempts in real time.