How Does Your Security Story End?

It’s a lazy afternoon on the Friday before a long weekend. You are getting ready to shut things down and spend some quality time with family after an exhausting week. It is always exciting to not think about work for a little while and decompress; with recent global events though, this has been a challenge.

On the other side of the world, unfortunately, nationwide long weekends are prime time for cyber attacks. An adversarial group is planning their attack on your digital systems.

They’ve been monitoring your company’s activity with low-level drive-bys and door knocking and have identified long weekends as prime time to step up their game. As they make their first move, your security story’s ending may already be predetermined.


The analyst in the Security Operations Center (SOC) notices something fishy.

Yes, it’s a malicious piece of code attempting to embed itself in a C-suite executive’s laptop.

The Security Analyst knows to act quickly, because they have encountered this before in other environments.

As the analyst escalates the situation, they attempt to isolate the issue and call into the Network and Security Operations Center (NSOC) to get the infected host off of the network.

Phew, we were able to do this in time, and it doesn’t seem to be spreading.

At the same time, the Security Team is looking into this piece of malicious code. Again, they have seen it in other environments and thus have a process to handle it quickly and efficiently.

They call into the Network Team and deliver the remediation steps. The Network and Security teams verify that the infection has not spread and that the laptop will need to be re-imaged. Other systems in the network are safe.


The malicious attack grants entrance into the C-suite executive’s laptop. The hackers now have full access to all business operations and are ready to exfiltrate the data. As the intellectual property, employee records, financial statements, and more are being extracted from the laptop, the hackers have already automated the malware to expand into the company’s entire network.



The two teams, SOC and NSOC, work together to produce a report of what was observed, how it was handled, and steps for remediation. This is sent out via email, along with a call to the Head of IT (hot dog in hand, too). Luckily, this was caught in time and localized, so Incident Response and Forensics are not needed (but are alerted and consulted on the findings).

All is normal at the office Tuesday morning as employees are catching up at the water cooler, sharing stories and experiences from the long weekend.


The adversarial group infected the company’s network, shut down systems, and exfiltrated all the information they needed 24-48 hours before anyone returns to the office.

As employees return on Tuesday and sign on, they are met with ransomware messages on every single device. There is no small talk around the water cooler, only panic in the C-suite over what to do now that all operations are suspended.

Now is the time to make sure your security story is designed for the ending you prefer. 

Want to Learn More?

Download our Security Catalog to get a more detailed look into Technium’s security solutions.

