
How Calgon Carbon saved thousands safeguarding itself from a phishing attack using Log360

About the organization

Calgon Carbon has originated cutting-edge purification systems for drinking water, wastewater, odor control, pollution abatement, and a variety of industrial and commercial manufacturing processes. It currently offers carbon technologies used in over 700 distinct market applications, including purifying air and drinking water, purifying foods and pharmaceuticals, and separating gas and removing mercury emissions from coal-fired power plants. Calgon Carbon’s cost-effective, environmental remediation/recycle programs combine the proper mix of an effective activated carbon, ingenious adsorption systems, and professional field and technical services.

Company: Calgon Carbon

Industry: Manufacturing

Country: USA

Calgon Carbon successfully spots a phishing threat with Log360

When it comes to cyberattacks, we know that it is not a matter of if but when. Ryan Kemp, an IT security analyst II at Calgon Carbon, describes how one of the company's employees was almost a victim of a phishing email. The employee had opened a phishing email and clicked a malicious link, but since Log360 was deployed, it was able to swiftly detect the attack and minimize the consequences substantially. Discussing the attack attempt, Kemp said, "Log360 is an integral part of our organization's cybersecurity operation."

Being a company that primarily focuses on water and air purifying treatments, Calgon Carbon allocates resources towards research and development to provide cutting-edge solutions. Since it is in possession of proprietary information related to purification technology, it is likely to be subjected to cyberattacks. These attacks could result in financial loss and harm to the company's competitive edge.

Challenges

Calgon Carbon works closely with the U.S. military as its sole provider of approved carbons. This contract requires Calgon Carbon to comply with several regulations to enhance its cybersecurity posture, mitigate cyber risks, and protect proprietary information. One of its requirements was to comply with CMMC regulations, which require comprehensive documentation and reporting of cybersecurity practices and incidents. CMMC also mandates continuous monitoring of systems and networks, which was resource-intensive.

The organization found it difficult to generate compliance reports, track changes to system configurations, and provide documentation of security events and incident responses. It was looking for a solution that ideally does all that at a reasonable cost.

Before deploying Log360, account compromise was a recurring issue in the organization. It had limited visibility into user account activities, making it difficult to detect suspicious behavior or unauthorized access.

Solution

According to Kemp, with Log360, Calgon Carbon was able to:

  • Collect logs from various sources, including end-user devices, servers, network devices, firewalls, and antivirus and intrusion prevention systems.
  • Use over 30 predefined correlation rules for detecting several common cyberattacks. Calgon Carbon was able to create its own correlation rules based on its requirements with the custom rule builder.
  • Expedite effective threat resolution. Log360's attack detection module is integrated with ATT&CK's incident management framework for speedy resolution.
  • Monitor and audit critical Active Directory changes in real time. With detailed information on AD objects, Calgon Carbon can track suspicious user behavior, monitor critical changes in groups and OUs, and more to proactively mitigate security threats.
  • Leverage critical information from different security events to identify security threats.
  • Extract information from logs to construct detailed timelines that give visibility on who did what, when, and where.
  • Receive audit-ready compliance reports and violation alerts that make compliance audits a breeze with the integrated compliance management component.

Deploying Log360 for rapid threat detection and response

Calgon Carbon's decision to implement Log360 as its security information and event management (SIEM) solution proved to be beneficial, particularly in the incident where one of its employees fell victim to a phishing email.

By deploying Log360, Calgon Carbon has established a robust security framework that includes real-time monitoring, log analysis, and threat detection capabilities. In this specific case, when an employee clicked on a phishing email, Log360 promptly detected the suspicious activity and alerted the security team. This quick detection allowed the team to take immediate action to mitigate the potential consequences and prevent further compromise.

After integrating Log360, Calgon Carbon is able to continuously monitor its network, and quickly detect and address any new threats.

Other significant features of Log360

Security orchestration, automation, and response: Compile all security data from different platforms such as Exchange Server, Microsoft 365, Infrastructure as a Service solutions, Platform as a Service solutions, Software as a Service solutions, on-premises network devices, servers, and applications, all in a single console. Expedite threat resolution by automating your response to detected incidents using workflow options.

User and entity behavior analytics: Collect and analyze the data of users, machines, and other entities in a network, like event logs and packet capture data. Continuous monitoring and analysis of data from different sources will help to detect anomalies easily and instantly.

Active Directory change auditing: Monitor and audit critical Active Directory changes in real time. Utilize detailed information on Active Directory objects, track suspicious user behavior, monitor critical changes to groups and OUs, and more to proactively mitigate security threats.

About Log360

Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. It combines threat intelligence, machine-learning-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks, and offers an incident management console for effectively remediating detected threats. Log360 provides holistic security visibility across on-premises, cloud, and hybrid networks with its intuitive and advanced security analytics and monitoring capabilities. For more information about Log360, visit manageengine.com/log-management.
