SOC Catch of the Day

We review billions of logs daily to keep you safe from advanced threats.

Phony Performance Warning Foiled

The Network: Our customer is a well-known law firm with more than 350 lawyers practicing across the globe who counsel multinational corporations, privately held and family-owned businesses, individual and institutional investors, educational and research institutions, and other clients in a broad range of legal disciplines.

The Expectation: The primary user is not an IT professional and therefore must be kept safe against malware that is prevalent today. Endpoints are carefully maintained with patching and a brand-name anti-virus program. However, end users may make poor decisions, and cyber attackers will exploit every possible vector, so monitoring is needed. EventTracker SIEM enables the global law firm to protect sensitive client data from insider threats as well as external hackers.

The Catch: The EventTracker SOC (Security Operations Center) team observed an undesirable process executing on the customer’s workstation. It was permitted to do so by the brand name anti-virus software. The executable was digitally signed with a certificate from Symantec.

The Find: The undesirable program masquerades as Advanced PC Care and displays misleading information about the computer's performance. It then asks the end user to pay to fix the issues.

The Fix: The EventTracker SOC promptly alerted the administrator to uninstall this program and properly scan the target. The program was bundled with a malicious YouTube installer that the end user had not noticed.

The Lesson: User training is critical, but the best of us can succumb given the sheer volume of malware that we face every day. Administrators must trust but verify user actions. Your security analysts will be proactively notified by the EventTracker SOC only when high-risk incidents occur, so that appropriate action occurs as quickly as possible to minimize dwell time.
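The Catch above turns on a process that the anti-virus allowed and that carried a valid digital signature, yet was still unwanted. The following is an added example, not EventTracker's logic or schema: a minimal triage over process-creation events that treats neither signal as approval. The event fields, the allowlist entries, the host name, the file paths and the signer name are all constructed assumptions; only the product name "Advanced PC Care" comes from this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessEvent:          # hypothetical event shape, not a real product schema
    host: str
    image: str               # full path of the executable
    product: str             # product name from the file's version resource
    signer: str              # code-signing certificate subject ("" if unsigned)
    signature_valid: bool
    av_verdict: str          # recorded, but deliberately never used to clear an event

# Assumed allowlist maintained by the organisation: (signer, product) pairs.
APPROVED = {
    ("Example Office Vendor Inc.", "Example Word Processor"),
    ("Example Browser LLC", "Example Browser"),
}
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\")

def triage(ev):
    """Return the reasons an event needs analyst review (empty list = nothing to do)."""
    reasons = []
    if not (ev.signer and ev.signature_valid):
        reasons.append("unsigned or invalid signature")
    # A valid signature proves who signed the file, not that the firm approved it.
    if (ev.signer, ev.product) not in APPROVED:
        reasons.append("signer/product not on approved-software list")
    if any(part in ev.image.lower() for part in USER_WRITABLE):
        reasons.append("runs from user-writable path")
    return reasons

def review_queue(events):
    """Collect (host, product, reasons) for every event that triage flags."""
    return [(ev.host, ev.product, r) for ev in events if (r := triage(ev))]

# Constructed sample events (not taken from the incident described above).
SAMPLE_EVENTS = [
    ProcessEvent("WS-014", "C:\\Program Files\\ExampleOffice\\wordproc.exe",
                 "Example Word Processor", "Example Office Vendor Inc.", True, "clean"),
    ProcessEvent("WS-014", "C:\\Users\\jdoe\\AppData\\Local\\Temp\\setup\\pccare.exe",
                 "Advanced PC Care", "Constructed Publisher Ltd.", True, "clean"),
]

if __name__ == "__main__":
    for host, product, reasons in review_queue(SAMPLE_EVENTS):
        print(f"{host}: {product}: " + "; ".join(reasons))
```
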

Copyright © Netsurion. All rights reserved