Cybersecurity Incident Response & Managed Services
Midwest Construction Supply Company
ENGAGEMENT OVERVIEW
Following a significant Conti ransomware attack that severely impacted a multi-location construction company in October 2021, Redport Information Assurance was engaged to conduct comprehensive forensic analysis and implement enterprise-grade cybersecurity solutions. The engagement began with intensive forensic assessment in November 2021, culminating in a detailed report delivered February 2, 2022, followed by ongoing managed security services that continue today.
The initial incident encrypted thousands of files across multiple servers and endpoints, threatening business continuity across 39+ locations. Through our comprehensive three-phase approach, we not only restored security but dramatically improved the organization's overall cybersecurity posture and operational resilience.
CRITICAL SECURITY FINDINGS ADDRESSED
Our forensic investigation revealed systemic security vulnerabilities that extended far beyond the initial ransomware attack. The environment suffered from multiple active malware infections, including residual Conti instances, CryptoWall ransomware, WebShell Trojans, and China Chopper Web Shell exploits across critical servers. Security configurations were dangerously inadequate - twelve different Windows versions operated without standardized patch management, while servers lacked antivirus protection entirely and had Windows Firewall protections disabled.
The network infrastructure presented significant risks with hundreds of critical vulnerabilities identified across 39 Cisco ASA firewall configurations. Password policies were weak with minimal account lockout settings, and privileged accounts used generic naming conventions that prevented individual accountability. Perhaps most concerning, 19% of workstations showed evidence of prior malware infections, indicating the existing Webroot antivirus solution was detecting only 66.5% of threats compared to the industry average of 97.1%.
COMPREHENSIVE SECURITY TRANSFORMATION
Our response involved a complete security architecture overhaul designed specifically for the construction industry's unique operational requirements. We implemented a 24x7 Security Operations Center providing real-time threat monitoring and automated incident response capabilities. Advanced Endpoint Detection and Response solutions were deployed across all systems, integrated with comprehensive Managed Detection and Response services that provide continuous threat hunting and rapid containment.
The infrastructure security transformation included complete firewall management for all 39 Fortinet devices with standardized configurations and continuous monitoring. We deployed enterprise-grade Multi-Factor Authentication using passwordless biometric technology, eliminating traditional password vulnerabilities while maintaining user convenience. Comprehensive vulnerability scanning and patch management systems ensure ongoing protection against emerging threats.
Cloud-based security infrastructure provides content filtering, secure connectivity, and centralized logging with 30-day SIEM storage for forensic capabilities. Secure backup and recovery solutions protect critical business data with both on-premises and cloud redundancy.
MEASURABLE SECURITY IMPROVEMENTS
The transformation delivered exceptional results that directly impact business operations and risk posture:
System Uptime Improvement: From 98.9% to 99.999% availability
Incident Prevention: Successfully stopped 2 major attack attempts post-implementation
Business Continuity: Prevented potential 6-day operational shutdown
Ongoing Threat Response: Continuous monitoring and automated response capabilities
These improvements translate to significant cost savings through reduced downtime, prevented data loss, and maintained customer confidence. The enhanced security posture also supports compliance requirements and reduces cyber insurance premiums.
ONGOING MANAGED SERVICES
Our relationship extends far beyond initial remediation through comprehensive managed security services tailored to construction industry needs. The 24x7 Security Operations Center provides continuous monitoring with dedicated security analysts who understand construction-specific threats and operational patterns. Proactive threat hunting identifies and neutralizes threats before they impact business operations.
Regular vulnerability assessments and remediation ensure protection against evolving threats, while firewall configuration management and optimization maintain strong perimeter defenses. We provide security awareness training and policy development to address the human element of cybersecurity, along with compliance reporting and audit support for industry regulations.
Our managed services model includes reduced hourly rates for additional projects, shared access to enterprise-grade security tools for internal IT staff, and ongoing security policy implementation as the threat landscape evolves.
CONSTRUCTION INDUSTRY EXPERTISE
Construction companies face unique cybersecurity challenges that require specialized understanding and solutions. The industry's rapid digital transformation introduces risks through Building Information Modeling (BIM) systems, Internet of Things (IoT) devices, and cloud-based project management platforms that expand attack surfaces. Complex supply chains involving multiple subcontractors and vendors create numerous entry points for cyber attackers.
High-value data including financial information, intellectual property, architectural blueprints, and competitive bid information makes construction companies attractive targets. Time-sensitive project deadlines often create pressure to prioritize speed over security, while legacy systems integrated with modern technology create additional vulnerabilities.
Our specialized experience addresses these challenges through:
Multi-location security management with centralized monitoring and standardized policies
Legacy system protection and gradual modernization without operational disruption
Supply chain security considerations and vendor risk management
Project data protection and intellectual property security measures
Regulatory compliance support for CMMC, NIST frameworks, and industry standards
SERVICE CAPABILITIES
Incident Response & Digital Forensics
Rapid response to ransomware and cyber incidents with 24x7 availability
Advanced digital forensic analysis and evidence preservation using industry-leading tools
Comprehensive malware analysis and threat attribution through sandbox environments
Business continuity planning and recovery coordination
Managed Security Services
24x7 Security Operations Center with construction industry expertise
Advanced Endpoint Detection and Response with automated threat containment
Network security monitoring and proactive threat hunting
Comprehensive vulnerability management with prioritized remediation
Infrastructure Security Architecture
Enterprise firewall management and configuration optimization
Network segmentation and zero-trust access controls
Cloud security architecture design and secure migration services
Backup and disaster recovery solutions with tested restoration procedures
Compliance & Risk Management
NIST Cybersecurity Framework implementation and maintenance
CMMC (Cybersecurity Maturity Model Certification) preparation and certification support
Comprehensive risk assessments and security audits
Security policy development and employee training programs
This engagement demonstrates our capability to rapidly respond to sophisticated cyber incidents, conduct thorough forensic analysis, and implement comprehensive security solutions that provide measurable improvements in security posture and business continuity. Our ongoing partnership model ensures construction companies maintain strong security defenses while focusing on their core business operations.
