Case study
How REI Fortified Its Active Directory Estate Against Ransomware with Mimic
Retail
16,000+
$3.76 billion
193 stores across 44 states, $880.5 million in e-commerce revenue, millions of co-op members
Overview
REI (Recreational Equipment, Inc.) is a leading outdoor retailer with 180+ stores, an e-commerce platform, and a co-op with millions of members. Its security team was concerned by the increasing prevalence of ransomware attacks on unprotected Active Directory (AD) domain controllers. By some estimates, 50% of ransomware attacks target AD and sever access to critical business assets in the process. REI’s large hybrid IT environment, spanning stores, warehouses, and digital operations, depends on AD, so a successful ransomware attack could be catastrophic.
REI turned to Mimic because its deep ransomware deflection technology is the first in the industry to protect assets, such as Active Directory, at the speed of ransomware.
Problem
Protecting a large Active Directory Estate against ransomware attacks.
Solution
Sophisticated AD ransomware protection that is extensible to the rest of the enterprise.
Mimic was very responsive throughout deployment. Their team engaged across multiple areas to ensure everything ran smoothly, and any issues that came up were resolved quickly. Their commitment made all the difference in a successful rollout, and we have already received vital Mimic alerts to rogue changes in our AD environment that we would have been blind to before.
The Challenge
Broad EDR solutions can’t detect ransomware in AD environments, and their ransomware detection in broader enterprise applications isn’t fast enough to protect the enterprise once an attacker moves through AD and targets other critical applications.
So, like many Fortune 500s, REI needed ransomware-specific protection and maintenance of their on-prem AD infrastructure with clear goals:
- Rapid Detection & Deflection: REI needed a solution that could detect ransomware much faster, deflect accurately, and be extended to their other critical applications quickly.
- Seamless Integration in a Complex Stack: Their security environment already included multiple tools, many of which had a history of blocking new deployments or complicating configurations.
- Optimize Resources within the Budget: Cost was a major consideration: REI needed to deploy to the enterprise without exceeding the budget. REI prioritized protecting AD first, with plans to expand to critical applications.
Solution Implementation
Highly Specialized Active Directory Protection
Mimic’s solution protects REI’s AD estate from ransomware and alerts them to unauthorized changes to their environment that may signal a ransomware attack.
Rapid Deployment
Mimic’s ability to deploy extremely quickly with minimal impact on the REI security team utilized two new technologies:
- First, the ability of Mimic’s patent-pending node to auto-learn the underlying asset’s profile completely and then build a tailored shield to protect it.
- Second, the Mimic delivery team's exceptional speed and focused approach throughout the entire deployment lifecycle, from initial design to hands-on training, threat intelligence, and meticulous analysis of each detection and deflection.
Navigating Budget Constraints
In collaboration with REI, Mimic can deploy its capability to all REI critical servers at no cost. In this mode, Mimic’s technology just silently watches for an attack, but if a threat actor launches ransomware and tries to encrypt or exfiltrate REI critical data, Mimic can instantly protect the application being attacked. And REI pays only if or when that protection goes live.
Building a Real-World Cyber-Range
Mimic’s Arena technology allowed REI to safely detonate real ransomware strains in an identical mirror of their environment without exposing their network to risk. This provided a unique level of insight, including:
- A precise view of how ransomware would behave inside their exact infrastructure, including key security agents across various operating systems.
- A risk-free way to test defenses before an actual attack occurs.
- A clear demonstration of Mimic’s Detection and Deflection capabilities in action.
Empowering REI’s Security Team
The Mimic delivery team partnered with REI cybersecurity specialists to deploy the Mimic solution on REI’s critical assets, and all internal testing was done by the REI security team itself, giving them the unique ability to:
- Properly understand the solution and implementation.
- Gain visibility into their overall security posture.
- Stress-test Mimic’s solution independently.
- Red team their own environment, performing various attack scenarios.
The Results
Mimic was immediately able to warn REI about unauthorized changes in their AD environment.
REI will be protected on all critical applications but does not have to take the budget expense upfront.
Faster, smarter response times with zero excess alert noise to REI’s SOC.
Future Outlook
REI is now fully aware of any changes to the AD estate and has the confidence that any ransomware attack on AD or their other enterprise applications will be deflected before damage can be done.