Case Studies

Incident Response for Regional Oil and Gas Company


A regional oil and gas company experienced a cybersecurity incident that involved a threat actor gaining access to their internal networks and systems, and ultimately exfiltrating data. The company detected and prevented the intrusion, but felt unequipped to properly implement remediations. The company hired FTI Cybersecurity to ensure the incident had been properly controlled and to perform a cybersecurity readiness assessment once the incident was contained.


FTI Cybersecurity worked hand-in-hand with the primary IT stakeholder for the company to deploy an endpoint detection and response (EDR) tool, collect forensic evidence, and begin threat hunting. Through FTI Cybersecurity’s guidance, the company became comfortable with the EDR platform. This made key company stakeholders more confident about their cybersecurity environment, as the company was able to gain insight beyond what they had been able to previously, including which devices required patch management.

Following the remediation of the incident and implementation of the EDR platform, FTI Cybersecurity performed an assessment of the company’s cybersecurity infrastructure and program against the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). This assessment allowed FTI Cybersecurity and the company to identify organization-wide cybersecurity risks and provide a strategic roadmap for remediating identified gaps.


FTI Cybersecurity deployed the EDR tool on the company’s network devices and informed the company on how to use the platform. The company remediated and contained the initial threat, implemented an effective EDR system, and gained insight into their cyber readiness. FTI Cybersecurity also provided a detailed plan and actionable guidance for remediating the identified gaps in the company’s cybersecurity strategy.