Situation

Red5 was enlisted by a leading Financial Services company to perform breach containment following a large-scale security incident caused by a sophisticated attack. The incident investigation highlighted resource challenges that made it difficult for the IT Security team to keep pace with the increasing demands posed by cyber threats. These challenges required attention from the senior decision-makers of the organization.

Red5 successfully identified the threat, managed the response to the breach, and implemented measures to contain it. Security improvements were recommended and implemented as part of an agile, bespoke program, which significantly reduced the risk of a future incident occurring.

At a Glance

Organisation: FTSE 100 Financial Services Company

Industry: Banking

Challenge: Perform breach containment following a large-scale security incident

Solution: Red5 brought in senior advisors to liaise with the client and contain and secure the wider security estate to prevent the attackers from returning

Result: The incident was dealt with, and areas of improvement were identified, enhancing the security posture of the organisation and helping to ensure similar attacks can be handled in the future

Challenge

The incident demonstrated to the organisation that it needed to prioritize its IT security systems to mitigate potential vulnerabilities going forward.

The complexity of the estate and the requirement to maintain business-as-usual operations made improvements slow and unwieldy. Red5 successfully prioritised, implemented, and managed the response, and provided longer-term improvements to dramatically reduce risk exposure.

Solution

The organisation enlisted the support of Red5’s Cyber Incident Response Team (CIRT) service to perform Digital Forensics and Incident Response (DFIR) and threat hunting across hosts, logs, and networks to fully understand the extent of infiltration.

As the extent of the incident was revealed, Red5 drafted in specific expertise to liaise with the board of the organisation and manage the incident from a technical perspective while providing valuable insight to the senior non-technical audience.

The in-house IT team was not able to act on the findings that Red5 had presented during the course of the investigation due to resource constraints and a lack of advanced security knowledge. This led to the organisation engaging with Red5’s Security Improvement and Remediation (SIR) team.

The SIR team included a senior cyber advisor and program manager who were able to contextualise the broader issues to the senior board of the organisation. The team also planned out the remediation steps for the containment and eradication phase and the critical priorities for implementing security improvement fixes.

The main priority for the SIR team was to secure the wider security estate of the organisation to prevent the attackers from returning by rapidly reducing risk exposure. This was done by tasking the in-house IT function with concise work packages, as well as putting in place floating IT security gurus who acted as troubleshooters. This ensured the recommended changes could be implemented seamlessly and rapidly.

Result

The initial incident was dealt with rapidly and comprehensively thanks to Red5’s incident response team and the close integration with senior cyber advisors and the SIR team. The attackers were fully removed from the environment, and the security posture of the estate was raised to prevent and detect similar activity.

The vulnerabilities and areas of improvement for the organisation’s overall security environment, identified during the course of the investigation, were acted upon by the SIR team, which accounted for a third of the work conducted for the company.

Critically, the prioritised work packages implemented cooperatively by Red5’s SIR team and the client’s in-house IT team significantly and rapidly enhanced the security posture.

This not only ensured that the implemented changes were appropriately prioritized and fit for purpose but also that the organization managed to put in place a more strategic direction for security improvement going forward. These improvements include long-term monitoring through XDR via our security partnership with OneFirewall Alliance.

Red5

Red5 exists to make the digital world safer and more secure.
As global experts in cyber security and risk mitigation, Red5 is trusted by hundreds of customers worldwide to protect their most critical assets from the ever-changing threat landscape.
