On a Sunday afternoon, Justin Mirsky, Managing Partner at DBT, received a critical alert from Todyl’s detection engineers for one of his clients. DBT did not have Todyl’s Managed eXtended Detection and Response (MXDR) or Endpoint Security (EDR+NGAV) modules in place at the time; however, the MXDR team periodically reviews critical alerts for accuracy and immediately reached out to DBT as a courtesy due to the severity.
Todyl’s detection engineers identified an unknown threat actor attempting to exfiltrate user credentials and data from DBT’s client, which is an indication that ransomware was about to be deployed.
Todyl’s MXDR team immediately launched an investigation covering multiple areas of concern: logon activities, credential dumping, lateral movement, and the attempted loading of several malicious binaries. The team identified the compromised account by looking at a multitude of failed logon attempts, followed by a successful logon from the public internet in an IP block not used by the client.
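The logon pattern described above (a run of failed logons followed by a success from an address outside the client's own IP blocks) can be expressed as a small detection, shown here as an added Python example that is not Todyl's detection logic or part of the original case study. The log layout, client network ranges, failure threshold and time window are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values, not from the case study: client ranges, threshold, window.
CLIENT_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]
FAIL_THRESHOLD = 4
WINDOW = timedelta(minutes=10)

# Constructed sample events, time-ordered: "timestamp user source_ip result"
SAMPLE_LOG = """\
2024-01-05T09:00:01 asmith 10.1.2.3 FAIL
2024-01-05T09:00:09 asmith 10.1.2.3 FAIL
2024-01-05T09:00:20 asmith 10.1.2.3 FAIL
2024-01-05T09:00:31 asmith 10.1.2.3 FAIL
2024-01-05T09:01:02 asmith 10.1.2.3 OK
2024-01-06T18:30:00 bwong 203.0.113.9 OK
2024-01-07T14:00:01 jdoe 203.0.113.45 FAIL
2024-01-07T14:00:03 jdoe 203.0.113.45 FAIL
2024-01-07T14:00:05 jdoe 203.0.113.45 FAIL
2024-01-07T14:00:08 jdoe 203.0.113.45 FAIL
2024-01-07T14:00:15 jdoe 203.0.113.45 OK
"""

def is_client_ip(ip):
    """True if the address falls inside a network the client is known to use."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLIENT_NETS)

def find_suspicious_logons(log_text):
    """Flag successes that follow >= FAIL_THRESHOLD recent failures from a non-client IP."""
    recent_fails = defaultdict(deque)  # user -> timestamps of failures inside WINDOW
    alerts = []
    for line in log_text.strip().splitlines():
        ts_s, user, ip, result = line.split()
        ts = datetime.fromisoformat(ts_s)
        fails = recent_fails[user]
        while fails and ts - fails[0] > WINDOW:  # age out failures older than WINDOW
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
        elif result == "OK":
            if len(fails) >= FAIL_THRESHOLD and not is_client_ip(ip):
                alerts.append({"user": user, "ip": ip, "time": ts_s, "failed_before": len(fails)})
            fails.clear()  # a success resets the failure streak for this account
    return alerts

if __name__ == "__main__":
    print(find_suspicious_logons(SAMPLE_LOG))
```

The internal user who mistypes a password (asmith) and the external logon with no preceding failures (bwong) are both left alone; only the combination of the two signals raises an alert.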
Download the full case study to learn more about how Todyl helped DBT become the hero who saved the day.
"It was clear that Todyl’s MXDR was truly looking out for us 24/7. When I got the call from their detection engineers on a Sunday, I asked them to jump in and help us and they agreed right away."
Justin Mirsky, Managing Partner, Direct Business Technologies