Case Study: Large Financial Services Company detects and remediates an evolving APT and 3,000 compromised endpoints with Cybereason

A Cybereason Case Study

Preview of the Large Financial Services Company Case Study

A large financial services company resolves an evolving APT with behavior-based detection

Large Financial Services Company, a 120,000-employee organization with a mature incident response team, was facing repeated data exfiltration where each compromised endpoint presented unique, rapidly changing IOCs that vanished after inspection. Traditional IOC-based hunting couldn’t find the full scope of the attack, so the company engaged Cybereason and deployed the Cybereason platform across its endpoint environment.

Cybereason rolled out sensors to 5,000 PCs and servers in a few hours and used its Hunting Engine to detect attacker Tactics, Techniques, and Procedures (TTPs); after a five-day hunt it uncovered 3,000 compromised endpoints. By shifting to TTP-based detection, Cybereason showed that the attack relied on only seven recurring techniques (including lateral movement, DGA command-and-control, and DLL injection), enabling faster, non-disruptive remediation and restoring visibility and control.

