Use Case

Responding to CISA cybersecurity directive 21-02

Actions Required to Respond to Microsoft Exchange Server Vulnerabilities

The Cybersecurity and Infrastructure Security Agency issued Emergency Directive 21-02 on March 3, 2021. Titled Mitigate Microsoft Exchange On-Premises Product Vulnerabilities, the directive details vulnerabilities in Microsoft Exchange Server products that attackers could use to gain access to systems or networks running these products. Using components of the Nuix software platform, agencies can quickly identify, mitigate and remediate attacks made using these vulnerabilities.

RAPID TRIAGE AND RESPONSE

Nuix Workstation connects directly to Exchange Servers, most other network servers and repositories, and their system files and logs. This enables forensic triage while eliminating the time spent acquiring a forensic image of the Exchange Server before early case assessment or triage can begin. The Nuix Workstation YARA, IOC, and RegRipper scripts automate the identification of indicators of compromise, returning answers within minutes of the start of the Exchange Server examination. Nuix Adaptive Security proactively alerts agency staff to indicators of compromise or anomalous behavior, such as credential dumping, lateral movement, persistence mechanisms, and other follow-on exploitation activity on the Exchange Server.

POWERFUL REMEDIATION

Nuix supports all the functional requirements identified in this Emergency Directive and likely those of future Emergency Directives. Nuix Enterprise Collection Center provides agency staff with integrated workflows to quickly remediate indicators of compromise on Exchange Servers and other endpoints on the network, and Nuix Adaptive Security lets agency staff isolate the Exchange Server or endpoints to prevent lateral movement of malware.

RAPID, DEFENSIBLE RESULTS AT ENTERPRISE SCALE

While open source tools are useful, Nuix provides a fully supported, defensible forensic solution with the real-time, enterprise-wide visibility required to respond to CISA’s guidance and defend against advanced attacks in the future. Nuix is backed by decades of forensic, cybersecurity, and incident response expertise, providing an integrated threat mitigation and remediation solution trusted by organizations globally.