A proactive approach to in-house IT threats, CSIRT activities and Shadow IT / virtual PC
Challenge
Lack of visibility in internal network and early detection of threats
Results
After experiencing the WannaCry ransomware attack in 2017, the Ricoh Group faced the challenge of rapidly increasing alerts and a lack of visibility in their internal network. The CSIRT team struggled to analyze the logs and understand the attack's impact on their systems, emphasizing the need for improved network visibility and threat detection.
The Ricoh Group implemented Vectra, an AI-driven threat detection and response platform, on the recommendation of security experts from Nissho Electronics. Vectra provided real-time monitoring capabilities, prioritized alerts without rule creation, and enhanced reporting capabilities. The platform helped the CSIRT team capture and analyze data across the enterprise, addressing the challenge of internal network visibility.
With Vectra deployed, the Ricoh Group gained a proactive approach to detecting early signs of incidents, leading to more effective countermeasures. The platform revealed hidden activities, including Shadow IT and virtual PCs, enabling the company to enforce policies against the use of cloud services for individual contracts. The clarity and efficiency of Vectra's dashboard, along with its AI-driven threat detection, strengthened the overall security posture of the Ricoh Group, making them resilient against current and future cyber threats.
“The ransomware attack was detected on the endpoint, but over time, the number of alerts informing us about the attack increased rapidly.”
“Detected events are plotted on two axes, certainty and threat level, and when they are detected, their priorities are clear. It works for several analysts.”