Case Study: DuPont stops a phishing scheme with Red Canary

Red Canary detects unauthorized email access, prevents phishing scheme at Fortune 250 company

DuPont, a Fortune 250 company with an internal security operations center of about 10 people protecting more than 35,000 endpoints, needed help spotting suspicious account activity and phishing attempts in Microsoft 365. In one incident, a user set up an email forwarding rule to an external mailbox, and the team later discovered signs that an unauthorized user had bypassed conditional access and accessed the account.

Using Red Canary’s alerting and playbooks, DuPont’s CIRT was notified by email and text message, identified suspicious mail rules, and quickly responded even after hours. Red Canary detected the adversary’s attempts to forward emails, delete messages, and send phishing emails to employees, and the incident was remediated in 26 minutes, with the attack stopped before it could spread and cause material business impact.

DuPont