From Alert Triage to 100% Investigation Coverage
Proactive forensics across a private equity portfolio SOC
A private equity group operating an internal SOC for hundreds of portfolio companies used Strand to turn SentinelOne detections into automated forensic investigations, reducing cherry-picked triage and giving every alert a defensible answer.
30 Minutes to Root Cause
Akira Ransomware via SonicWall VPN Compromise
A DFIR consultancy used Strand to identify the root cause of an Akira ransomware attack in 30 minutes, revealing a compromised SonicWall VPN account and persistence mechanisms including Cloudflared tunnels and AnyDesk.
Tracing Six-Figure Fraud
Business Email Compromise at a National Charity
After £180,000 in grant funding was diverted to a fraudulent account, Strand identified PerfectData Software OAuth abuse that internal teams missed and generated evidence for regulatory notification within 24 hours.
Protecting 400 Guests
ClickFix Social Engineering at a Regional Hotel Chain
When guests started receiving WhatsApp messages with their real booking details demanding payment, Strand traced the compromise to a Storm-1865 phishing campaign and identified persistence mechanisms the EDR had missed.
Finding Patient Zero
Qilin Ransomware via Helpdesk Social Engineering
When traditional forensics could not identify the entry point, Strand correlated helpdesk ticketing logs with Active Directory events to reveal a vishing attack that bypassed all technical controls.