When Qilin Ransomware Strikes Your Peers, Are You Safe? Day in the Life of a Nagomi Customer

Background

Nagomi’s Coverage for the Qilin Campaign

As this cyberattack garnered national and international attention, it became clear that Qilin threat actors could potentially target other organizations in the media space. Being in the same vertical as Lee Enterprises, the customer’s board of directors was concerned about the potential impact of this ransomware threat on their organization and wanted the CISO to highlight their readiness to face this threat. The CISO and their SecOps team turned to the Nagomi platform to understand how their defenses stacked up against the Qilin ransomware. The Nagomi platform has been designed not only to help the day-to-day technical SecOps user identify their policy/configuration gaps and measure the performance of their deployed security controls, but also to help a non-technical stakeholder like the CISO communicate security program performance effectively. Let’s see how easy it would be to determine organizational preparedness against such advanced threat campaigns.

Step 1: Log into your Nagomi Platform and click “Campaigns” from the left menu

Step 2: Search for “Qilin” in the search menu to locate the Qilin Ransomware Campaign and click “Explore More”

Step 3: This campaign overview page will provide teams with a high-level overview of your organization’s preparedness against the Qilin Ransomware. This page includes the following information:

  • Top Susceptible Techniques— Highlights the techniques your organization is most susceptible to based on analyzing the attack campaign, utilization of your deployed security tools, and your overall attack surface.
  • MITRE ATT&CK Mapping— Highlights how prepared your organization is against the various MITRE tactics being used in the chosen threat campaign.
  • Known Exploitable Vulnerabilities— Highlights whether any CISA KEVs are being leveraged as part of the attack campaign.
  • Defensive Plans— Recommended remediation steps that can be taken to improve organizational security posture against Qilin ransomware based on the gaps identified by the Nagomi platform.
  • All Defensive Capabilities— Highlights all your existing deployed defensive controls with their identified coverage gaps and how they would potentially impact your security posture.
  • Missing Capabilities— Highlights those defensive capabilities (security controls) that your organization is currently missing and needs to add to ensure comprehensive protection against the Qilin ransomware threat.

Step 4: Leverage the top-15 remediation recommendations provided by Nagomi to quickly begin the process of fixing identified security gaps

Nagomi’s remediation recommendations are intended to provide incident responders with actionable steps that can be taken to reduce their mean-time-to-remediate (MTTR).

While identifying and closing gaps is a crucial aspect, it’s equally crucial to effectively communicate organizational preparedness to non-technical stakeholders, such as the board of directors. The Nagomi platform simplifies this process by providing SecOps teams with customizable reports and dashboards that can be quickly created to report program health. In this case, to specifically report organizational readiness against the Qilin campaign, simply click on the “Reporting Center” item from the left-hand menu and select the “Threat Protection Report.”

The final report is generated in an easy-to-understand visual PDF format that can be used to communicate organizational preparedness against this ransomware campaign. The above document is the same report that our customer’s CISO leveraged to highlight their enterprise’s readiness against the Qilin ransomware to their board of directors.

Conclusion

The Nagomi Platform is more than a tool—it’s your proactive defense platform. By helping you evaluate and continuously improve your program’s performance, it empowers teams to move beyond reactive cycles into a future of confidence and control. Whether it’s unifying the view of your attack surface, reducing security debt, or translating security metrics for stakeholders, Nagomi reduces threat exposure while transforming cybersecurity from a technical cost center into a strategic business enabler.