Red Teaming triggers test Kyocera Cyber
Kyocera’s Cyber team detected unusual behaviours in a customer environment during a recent incident.
The activity indicated attempts to retrieve AD access information and stop their M-EDR service. At first glance this looked like a third-party user trying to gain access to or attack the customer’s environment.
The issue was quickly identified, and the compromised endpoint was immediately contained. Following a basic study, a deeper investigation was performed, with all activity and detection details retrieved and all findings reported to the customer.
The customer expressed their satisfaction with the actions of Kyocera’s Cybersecurity team and our detection mechanisms. They confirmed it was an NIS2-compliant penetration test conducted by their IT team that triggered the alerts.
Customers inform us about ‘red teaming’ or penetration test work including timeframes, running applications, tools, scripts, paths, and relevant hostnames ahead of any planned activity. This enables the Kyocera Cybersecurity team to test and understand behaviours, triggers and alerts and then apply detection exclusions in the customer environment for the duration of the planned test, if required.
If no triggers are detected, no exclusions are applied, allowing us to continue proactively monitoring the customer environment during the agreed testing period.
What is Red Teaming?
Red Teaming is a process for testing cybersecurity effectiveness where ethical hackers conduct a simulated and non-destructive cyberattack. The simulated attack helps an organisation identify vulnerabilities in its system and make targeted improvements to security operations.
Definition: IBM