// Cyberattack on international business group

From total IT shutdown to complete restoration in less than 2 weeks

// Complete IT infrastructure restored in less than 2 weeks

// Established automated security overviews & rule-based whitelisting

// Significantly improved reliability through data consolidation, transformation & enrichment

International business group gets complete IT asset overview just days after a critical phishing attack and develops an innovative, future-proof IT security strategy.

To prevent cascading damage from a phishing attack, a major global grocery wholesaler had to shut down its IT systems worldwide. Bringing them back online meant first establishing a complete IT inventory and then ensuring the security of each asset. Without functioning IT, this proved to be a significant challenge. Raynet’s Unified Data Platform gave the organization the tools it needed to completely restore its digital infrastructure in just 13 days.

The Challenge
A phishing attack left this major grocery wholesaler without access to its entire IT system. From its Outlook servers and Active Directory to SSO solutions, cash registers, digital price tags, and commerce apps, everything had to be taken offline to prevent the attack from spreading and causing significant damage.

With the attackers locked out of the system, the wholesaler was faced with the problem of bringing its global IT back online while also ensuring the security of its systems and data. The challenge was twofold:

    1. The retailer would need a complete inventory of its hardware assets. While such an inventory did indeed exist, the result of a recent Software Asset Management program with Raynet, the attack had left the wholesaler without access to the data. A digital catch-22.
    2. Once the organization had an overview of its IT, it needed to ensure the security of each asset before the asset was brought back online. Unmitigated vulnerabilities could destroy any progress they had made in restoring their critical business IT.

The Solution & Customer Benefits
Raynet’s Unified Data Platform was chosen as the foundation for aggregating and transforming asset and security data. Raynet also provided a quick and secure exit from the catch-22: a backup copy of the inventory data from the previous Software Asset Management project was still on hand. While the data was a year old, it provided the organization with a baseline for restoring its systems.

The organization met with Raynet and another service provider to develop an action plan for restoring its global IT.  

The Unified Data Platform’s transformation and normalization capabilities meant that it could connect to and gather data from a vast array of tools, so that the grocery giant could aggregate the data, identify and remediate gaps, and ensure the validity of asset records.

This last step was crucial for guaranteeing the security of the environment as it went back online: data from multiple security tools was compared to ensure that the records said the same thing. Until discrepancies were resolved, the relevant assets were treated as insecure and left off the network.


“The situation was both critical and sensitive, so ‘excited’ is probably the wrong word, but we welcomed the chance to tackle this project. We’re very pleased both with the rapid results and with the opportunity to apply our expertise to managing and mitigating cyberattacks, a rapidly growing problem.”

As various installations were brought back online, the older discovery data was refreshed with new data. The managed service solution was hosted on Raynet servers, giving the grocery giant a data clean room, where it could access its inventory data while it ensured the safety and security of its other systems.

Within just 13 days, the organization had a handle on its most critical systems, allowing it to return to business as usual while it worked on the remainder of its IT.

Raynet continues to host the solution as a trusted third-party fallback in the event of another attack. The solution:

  • Consolidates data from numerous different sources to improve quality and reliability
  • Uses ETL (Extract, Transform, Load) to map the different data sources
  • Provides an overview of the inventory, including how recent the data is, which sources the data comes from, and whether there are verification issues with the data
  • Gives insight into the security status of each of the devices

The first systems were up and running after just a few days. Internal IT systems were restored, and the wholesaler established an off-site online system where it could store and retrieve the most recent inventory data and security reporting without needing to have its entire IT fully restored. For the grocery giant, this was the crucial first step in getting its IT online and ensuring the security of its systems.

Upshot & Next Steps
The grocery giant and its partners established a multi-pronged approach for discovery, inventory, and verification of the organization’s assets. They combined security and inventory tools to determine what the asset was, which country and region it was in, and which local IT organization was responsible for it. Enriching the inventory list with organizational data allowed the wholesaler to add another security layer: if a local IT department didn’t recognize a device, one it was ostensibly responsible for, then the device remained offline until it could be properly identified, secured, and assigned an owner.

Additionally, they implemented a naming convention that allowed them to more easily identify the country and location to which the asset belonged. They combined this with data from various security solutions to ensure that the devices were indeed recognized by the solutions and covered by them.

Getting its baseline IT up and running, so it could fulfill its commitments to customers, partners, and its own suppliers, was just the first step for the grocery giant. The next challenge is ensuring that it has a better understanding of the security of its entire digital infrastructure. Working with Raynet and a service partner, the wholesaler is establishing automated rulesets to keep unsecured assets from going online, which adds another layer of defense to its critical business IT. If, for instance, asset inventory data isn’t up to date, the device will be automatically taken offline until the data has been refreshed. Similarly, if the device hasn’t been recognized by a minimum number of security tools, then it can also be taken offline.

This more robust approach to securing the grocery giant’s IT infrastructure will help to ensure business continuity even in the face of increased cyber threats.
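The gating rules described in this section (stale inventory data, too few security tools recognizing a device, disagreeing sources, an unconfirmed owner) can be sketched as follows. This is an added example, not Raynet's or the wholesaler's implementation; the thresholds, tool names, hostnames, and field names are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
# Assumed thresholds; the case study does not state the values used.
MAX_INVENTORY_AGE = timedelta(days=7)
MIN_SECURITY_TOOLS = 2

@dataclass
class Record:
    source: str      # reporting tool (hypothetical names below)
    kind: str        # "inventory" or "security"
    hostname: str
    country: str
    seen: datetime   # when the tool last saw the asset

def evaluate(records, owner_confirmed, now):
    """Return the reasons one asset must stay offline (empty list = allowed)."""
    reasons = []
    inventory = [r.seen for r in records if r.kind == "inventory"]
    if not inventory or now - max(inventory) > MAX_INVENTORY_AGE:
        reasons.append("stale-inventory")
    if len({r.source for r in records if r.kind == "security"}) < MIN_SECURITY_TOOLS:
        reasons.append("insufficient-security-coverage")
    if len({r.country for r in records}) > 1:   # sources disagree
        reasons.append("source-discrepancy")
    if not owner_confirmed:                      # local IT does not recognize it
        reasons.append("owner-unconfirmed")
    return reasons

def gate(all_records, confirmed_hosts, now):
    """Group records by hostname and map each asset to its blocking reasons."""
    by_host = defaultdict(list)
    for r in all_records:
        by_host[r.hostname.lower()].append(r)   # tools differ in hostname case
    return {h: evaluate(rs, h in confirmed_hosts, now) for h, rs in by_host.items()}

# Constructed sample data: hostnames, tool names and dates are invented.
NOW = datetime(2024, 1, 15)
SAMPLE = [
    Record("cmdb", "inventory", "DE-BER-POS-01", "DE", NOW - timedelta(days=1)),
    Record("edr", "security", "de-ber-pos-01", "DE", NOW - timedelta(hours=2)),
    Record("vuln-scanner", "security", "DE-BER-POS-01", "DE", NOW - timedelta(days=2)),
    Record("cmdb", "inventory", "FR-PAR-SRV-07", "FR", NOW - timedelta(days=30)),
    Record("edr", "security", "FR-PAR-SRV-07", "DE", NOW - timedelta(days=1)),
]
CONFIRMED = {"de-ber-pos-01"}
if __name__ == "__main__":
    for host, reasons in gate(SAMPLE, CONFIRMED, NOW).items():
        print(host, "ONLINE" if not reasons else f"OFFLINE {reasons}")
```

The default is deny: an asset with no inventory record at all is reported as stale, so a device known only to a single security tool never passes the gate.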


“The attack was an absolute wake-up call for us. Organizations need to ask themselves: Do we have the transparency we need over our IT assets? Do we know what’s already secure and how we secure it? Can we easily locate the security gaps in our infrastructure? Can we access the data we need quickly and safely in the event of such an attack?”
