Cb Response Defends South Korean Special Prosecutor’s Office from Targeted Cyberattacks During Impeachment of Former President Park Geun-hye

May 31, 2017

Naru Security leverages Carbon Black’s market leading EDR solution to identify malicious activity and catch attempted data exfiltration

WALTHAM, Mass.–(BUSINESS WIRE)–Carbon Black, the leader in next-generation endpoint security, today announced that the company’s market-leading endpoint detection and response (EDR) solution, Cb Response, was leveraged by local authorities during the prosecution and impeachment of former South Korean President Park Geun-hye.

Through a relationship with Korean security partner, Naru Security Inc., Carbon Black collaborated with the special prosecutor’s office to provide end-to-end endpoint monitoring with Cb Response, defending the office from targeted cyberattacks.

Park, the first woman to be elected as president of South Korea, was impeached in December and officially stripped of power in March. She was recently indicted on bribery, extortion, abuse of power and other high-profile corruption charges. Former human rights attorney and student activist, Moon Jae-in, was elected as Park’s replacement on May 9.

“Park’s impeachment was a global affair being tracked by millions of news consumers,” said Kane Lightowler, Carbon Black’s managing director, Asia Pacific. “Given how high profile this case was, there were many risks to the special prosecutor’s office. There was concern that Park’s supporters might attempt to delete or taint evidence and the risk of other cyberattackers hoping to profit by leaking the latest evidence to the media. By leveraging Cb Response, Naru Security gained valuable insight into nefarious endpoint activity and kept the prosecutor’s office safe during an unsettling time. Increasingly, governments and political organizations around the world are turning to Carbon Black to protect their most sensitive information.”

From December through February, Naru Security deployed Cb Response across all of the special prosecutor’s office’s endpoints and integrated Cb Response with the network solution ConnecTome to collect data and visualize it end-to-end. Cb Response identified and confirmed numerous malicious activities on the office’s endpoints, stopping the potential destruction of critical trial evidence.

“In the early stages of monitoring, we identified malicious activities via ConnecTome and pinpointed the process and MD5 with Cb Response,” said Joon Kim, Naru Security’s CEO. “Moreover, unknown attempted data exfiltration was identified by Cb Response. Carbon Black offered valuable insight during a time of great political unrest in South Korea.”

About Cb Response

Cb Response is the most precise IR and threat hunting solution for SOC practitioners, allowing them to get the answers they need faster than any other tool. Only Cb Response continuously records and captures all threat activity so security teams can hunt threats in real time, visualize the complete attack kill chain, and then respond and remediate attacks quickly. The result is zero-gap endpoint visibility. Investigations are accelerated because the information needed is always available with conclusive answers to investigation questions. With Cb Response, alert validation and triage are streamlined because the details of what caused an alert are at responders’ fingertips.

Cb Response was recently named Best Endpoint Detection and Response Solution by security professionals in the SANS Institute’s Best of 2016 Awards.