In recent times, ransomware attacks have become a major concern for organizations of all sizes. The threat of exposure to malicious attacks has become more prominent and can lead to serious consequences.  

For one business that is exactly what happened. In the summer of 2022, an employee suffered from Ransomware Breach Face (#RBF) after clicking on a phishing email. Within five minutes, over 100 staff members clicked the same URL and entered their business credentials directly to the threat actors. 

The Challenge

This organization had already invested in Microsoft Security ATP2, Defender for Endpoint, and isolated email but was not maximizing their investment. With almost a hundred dormant malware machines in their environment, the internal security team felt overwhelmed by the constant need to address alerts, leaving them with little time to focus on identifying and patching security gaps. This resulted in a lack of visibility into their network, making it difficult to identify, contain, and respond to security threats.  

To address this, the business engaged with Difenda to optimize and strengthen its security posture. 

Win Insights

Reduced noise by closing 70% of the business’s alerts.

Established end-to-end coverage across the attack chain.

Improved access management to contain ransomware spread.

Improved speed of threat detection and response.


The Customer engaged Difenda to treat Ransomware Breach Face by deploying Microsoft Sentinel, Defender for Identity, and Advisory Services. The goal was to increase visibility and quickly strengthen their security posture. 

With an onboarding time of two months, the customer was able to get the wider range of visibility they needed to allocate and prioritize resources effectively.  

Difenda’s MXDR solution offers a range of visibility into the network, on-demand reporting, and a 4-step methodology that actively monitors day-to-day activity to identify advanced threats and ensure the customer is following cybersecurity best practices.  

This proactive approach allowed the internal security team to modernize their technology and maximize their Microsoft E5 license capabilities. Meaning they could now focus on the root causes of security challenges, rather than just addressing alerts on a surface level. 

The increased visibility into the network allowed both Difenda and the internal security team to identify new vulnerabilities and gaps in their current network. However, the customer faced challenges with alert fatigue, which was intensified by the deployment of Microsoft Sentinel. To address this, Difenda and the customer conducted several sessions on tuning and configuring customized, outcome-based alerts. The goal was to reduce the noise and allow the analysts to focus on priority responses. 

The success of this solution led to Microsoft providing additional End Customer Investment Fund (ECIF) funding to support the deployment of Microsoft Cloud App Security and Identity Protection. 

Additionally, Difenda’s Threat Advisory Bulletins keep business context and threat intelligence top of mind for customers, helping them proactively mitigate risk and make better decisions. 


Since deployment, Difenda has been able to alleviate the burden of alerts and alert investigations on the internal team.  

In the last 30 days, 70% of the business’s alerts have been closed by the Difenda team, giving the internal team more time and resources to focus on other areas of security.  

The Customer now has a mature security environment, with better visibility into their network and the ability to proactively mitigate risks. 

Did Difenda Effectively Treat Ransomware Breach Face?

Following a second attempt at a ransom attack, the business was able to disable ~300 compromised emails within an hour. Not only what the Difenda team able to help identify, contain, and lock down a situation where previously they would have had zero disability, but the business was also able to effectively treat and prevent the spread of #RBF. 


Difenda’s MXDR solution has provided this customer with the tools and support they need to optimize and strengthen their cybersecurity posture. One key outcome was the ability to create a more proactive security program and gain visibility into the root causes of their security challenges. 

The increased visibility has allowed the business to allocate and prioritize resources, and Difenda has alleviated the burden of alerts and alert investigations.  

The Difenda team’s expertise in Microsoft tooling and threat intelligence has been instrumental in the successful transition of the customer’s security environment.  

The business has maximized its Microsoft licensing to ensure that its valuable data is always protected. They are now better equipped to prevent future attacks and maintain their security posture. 

See How Difenda Can Help You Treat Ransomware Breach Face in this Free Guide.