Case Studies
Three engagements from our portfolio — names redacted per client NDAs. Every metric is real. Every outcome was verified by independent third parties.
A top-20 global bank with $2.3 trillion in assets under management had experienced an undetected intrusion lasting 47 days before it was discovered by a routine audit. The attacker — later attributed to a state-sponsored APT group — had exfiltrated 14GB of customer data and established persistent access on 23 servers in three data centers on two continents.
SentinelArc was engaged within four hours of breach discovery. We deployed an eight-analyst DFIR team across London and Singapore simultaneously, with remote access to all three affected data centers. Within 18 hours we had full forensic timelines for all 23 compromised hosts, had identified the initial access vector (a spear-phishing email targeting a third-party vendor with privileged network access), and had mapped the complete attacker kill chain using the MITRE ATT&CK framework.
After complete attacker eviction and a 72-hour containment operation, we transitioned to a full red team engagement to test whether any additional persistence mechanisms remained — and to harden the systems against the specific TTPs used in the original intrusion.
Full attacker eviction achieved within 72 hours. Zero additional data exfiltration after our deployment. Regulatory breach notification filed within the required window. Post-remediation red team found zero residual persistence. The bank subsequently engaged SentinelArc for a long-term SOC-as-a-Service retainer.
A national grid operator responsible for electricity distribution to 4.2 million households received credible threat intelligence indicating a coordinated attack campaign targeting its operational technology (OT) environment. The intelligence suggested the threat actor had already achieved an initial foothold in the IT network and was staging for lateral movement into the ICS/SCADA systems controlling physical grid infrastructure.
We deployed our OT/ICS security specialists alongside our threat intelligence team in a joint operation. The priority was clear: prevent any crossing of the IT/OT boundary before the attacker could achieve their objective. We implemented emergency network segmentation, deployed OT-specific monitoring sensors across 140 substations, and ran continuous threat hunting for 96 hours without interrupting grid operations.
Simultaneously, our threat intelligence unit performed deep attribution analysis on the campaign, identifying the threat actor as a known APT group with prior attacks on European energy infrastructure. This intelligence allowed us to anticipate their next moves and pre-position defensive measures before the attack progressed.
The IT/OT boundary was held. No SCADA systems were reached. The attacker was fully evicted from the IT network within 96 hours. Grid operations continued without a single minute of downtime throughout the engagement. The client subsequently published a case study (with our details redacted) that was cited by the national cybersecurity agency.
A 12-hospital network serving 800,000 patients annually was hit by a ransomware attack at 3:17 AM on a Tuesday. By the time IT staff discovered the encryption underway, 40% of networked systems were already locked. Electronic health records were inaccessible. Surgical scheduling systems were down. Two hospitals had reverted to pen-and-paper operations. Patient safety was at immediate risk.
SentinelArc's incident response retainer triggered an immediate response. Our team was on a call with the hospital CIO within 11 minutes and had remote access to all affected systems within 40 minutes. We triaged the infection to determine the extent of the encryption, isolated clean systems to preserve EHR access for critical care units, and began decryption key recovery operations from backup infrastructure that the ransomware operators had failed to reach.
Critically, we identified and preserved evidence sufficient for law enforcement attribution before beginning remediation — a step many incident responders skip in the rush to restore operations. HIPAA breach notification requirements were met within the required 60-day window, with our legal team supporting the drafting process.
Critical care EHR access was restored within 6 hours. Full network restoration was completed within 11 days — well within the 30-day window that typically triggers regulatory penalties. No ransom was paid. The hospital network subsequently engaged SentinelArc to build and operate a full SOC, and achieved HIPAA compliance certification 8 months after the incident.