Labyrinth Development
Cybersecurity Incident Detection and Response Case Study
Pages
2
Time to read
3 mins
Publication
Language
English
This case study details the implementation of the Labyrinth system within a holding company that encompasses over 10 diverse businesses, including manufacturing and services. The objective was to enhance incident detection and response capabilities across the client's network infrastructure, which covers up to 100 VLANs. The study outlines the identification of weak points in event detection and the necessity for additional workstation protection through file honeypots. It describes the deployment process, which involved multiple Worker VMs to cover distributed network segments, and the integration of various network honeypots and SIEM systems. The case study further explains how the Labyrinth system improved visibility and incident investigation efficiency by detecting unauthorized access attempts and classifying attackers' actions on internal web applications. The findings indicate that the integration of the Labyrinth system has significantly increased the informational value of detected incidents, facilitating quicker decision-making during investigations.