My Endpoint Detection and Response (EDR) Should Have Caught That!

Apr 6, 2022 | Customer Stories

It isn’t enough to have the security solution. A medical clinic with over 120 providers used best-in-class endpoint detection and response (EDR) software. Nevertheless, NodeZero quickly identified a device’s Local Security Authority Subsystem Service (LSASS) process, dumped and cracked user credentials, moved laterally, and gained Windows Domain Administrator privileges. The result: full domain rights.

NodeZero successfully dumped LSASS and escalated privileges to Domain Admin; Fortinet EDR did NOT detect it.

My EDR Should Have Caught That!

The client was certain their EDR should have detected and blocked the attack. On investigation with their EDR vendor, they discovered the solution was misconfigured on several devices. Further, they had neglected to purchase an add-on module designed to alert on lateral movement.

Patching ≠ Remediation

Most organizations recognize the urgency of installing updates to the infrastructure. Unpatched software with vulnerabilities provides a simple attack vector. But understanding what to patch, what to defer, and ensuring that patches remediate weaknesses can challenge even the most mature security teams.

NodeZero identifies exploitable weaknesses in your perimeter and/or internal systems, even when vulnerability scanners and patch management systems show that security updates have been successful. It solves the problem of expensive and manual penetration testing by automating the process. NodeZero is an autonomous penetration testing solution – a “self-service” offering that is safe to run in production and requires no persistent or credentialed agents. It assesses systems as would a manual pentester, but faster, more completely, and with more actionable results.
