Customer Story

U.S. Venture Builds Ransomware Resilience with CrowdStrike

When U.S. Venture acquired a new company, the deal nearly came with a hidden cost despite the typical pre-purchase due diligence: ransomware. Shortly after the acquisition, malware was already encrypting systems inside the newly purchased business. With limited visibility and no time to waste, Kathi Bellotti, Senior Director of Information Security at U.S. Venture, paused her internal deployment of CrowdStrike and redirected it toward the acquisition.
“We were minutes away from losing that ERP system. As soon as we dropped in the Falcon sensor, it froze everything in its tracks. This was the best proof I could have given our CIO that CrowdStrike works.”
Kathi Bellotti, Senior Director of Information Security
U.S. Venture

After containment, Bellotti’s team brought in CrowdStrike Falcon® Complete Next-Gen MDR to perform full remediation. “Within two days of Falcon Complete coming into our environment, they had cleaned up every registry and every machine,” she said. “It would’ve taken our team months. We’ve been a Falcon Complete customer ever since.”

That experience marked the beginning of an eight-year partnership that continues to expand across the CrowdStrike Falcon® platform. “From that moment on, we knew CrowdStrike was different,” Bellotti said. “They deliver what they promise, so we’ve continued to invest in their platform.”

Building a Unified Defense

U.S. Venture is a large and diverse enterprise that forms part of the nation’s critical infrastructure, with more than 70 years in business and five operating divisions spanning fuel, automotive, lubricants, and logistics data. The company faces a wide range of threats, from industrial cyber risks to identity-based attacks and opportunistic ransomware.

To stay ahead, Bellotti’s team has steadily expanded its use of the Falcon platform. “We started with Falcon Complete for endpoint security, and as CrowdStrike grew, we grew with them,” she explained. “We added identity protection, SIEM, and most recently, exposure management. Each one solves a real challenge for us.”

Identity was a natural next step beyond endpoint security. “A lot of the threats we see today start with identity,” said Bellotti. “Falcon Identity Protection gives us visibility into compromised passwords, abnormal behavior, and access patterns we couldn’t see before.”

The impact was immediate and measurable. “We were able to stop forcing 90-day password rotations because we can now detect compromised credentials in real time,” she said. “That change alone reduced password reset calls by more than 80%, saving hours every week for our IT service desk and employees alike.”

CrowdStrike’s automation capabilities took that even further. “We use Falcon Fusion SOAR to automatically reset passwords when a compromise is detected,” Bellotti said. “It kicks off immediately, and we don’t have to wait on manual workflows. It saves so much time across both the security and IT teams.”

Three-Week Deployment

After selecting CrowdStrike, Guven Technology standardized security operations on the unified Falcon platform, spanning endpoints, identity, vulnerabilities, and SIEM across its managed environment.

Based on implementations of its prior security solutions, the team anticipated a six-month rollout. Instead, automated deployment reduced implementation to three weeks. The rollout required minimal system interruption and allowed business operations to continue as planned.

“There was no need to reboot the system. Everything continued running as expected,” Alili said.

Replacing the legacy endpoint stack with the Falcon platform reduced operational strain while consolidating telemetry. With one sensor collecting data across traditional IT systems, IoT devices, and building technologies, the team gained real-time visibility through a single console.

As visibility expanded, the team identified previously unknown shadow assets and vulnerable subnets that hadn’t surfaced in its legacy tools. Centralized telemetry with CrowdStrike Falcon® Next-Gen SIEM improved correlation across domains and reduced reliance on separate tools for SIEM and analysis.

From the outset, consolidation also enabled Guven to activate Charlotte AI across its environment. With telemetry unified on a single platform, the team began using AI-assisted analysis to support investigations, rule creation, and decision-making — an early step in its broader agentic SOC transformation.

Exposure Management as a Force Multiplier

When CrowdStrike Falcon® Exposure Management was introduced, Bellotti immediately saw the potential. After years of using a traditional vulnerability management tool, she was looking for a more contextual, efficient, and accurate approach.

“The main reason we moved to Falcon Exposure Management was the context,” said Bellotti. “It shows us exactly where vulnerabilities exist, what the true risk is, and how to fix them. Traditional tools give you a list of critical vulnerabilities, but they don’t tell you if those are externally exposed, if they’re being exploited in the wild, or if you already have controls in place.”

By integrating seamlessly with U.S. Venture’s Falcon platform telemetry, Falcon Exposure Management instantly provided visibility across the company’s environment, including its operational technology.

“Because the Falcon sensor is already deployed, we didn’t need to punch holes in our firewalls or add new scanners,” Bellotti said. “We can turn the existing sensor into an exposure scanner in each region, including our SCADA environments, and get instant insights without adding risk.”

That simplicity extended beyond the security team. “The dashboards make it easy for our IT and cloud teams to self-serve,” she said. “They can log in, see the vulnerabilities in their own environment, and take action without waiting on us. Before Exposure Management, that research could take hours per vulnerability. Now, they can get the answers in minutes.”

In one recent case, Falcon Exposure Management even prevented unnecessary emergency patching.

“We had a critical vulnerability flagged in our environment; CrowdStrike quickly correlated it and downgraded it based on the actual exposure and existing protections. That meant we could handle it within our normal 30-day patch window instead of doing a disruptive hotfix.”
Kathi Bellotti, Senior Director of Information Security
U.S. Venture

"Their Say-Do Ratio is 100%"

Even as U.S. Venture’s in-house capabilities expand, Bellotti continues to rely on Falcon Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch for 24/7 managed threat hunting and remediation.

“In May 2024, OverWatch detected and contained a threat actor on a camera server in under an hour,” she said. “It turned out to be hands-on-keyboard activity … a real intrusion attempt. That level of speed and coordination is something we can’t get anywhere else.”

That trust extends to incident readiness. “We also have a CrowdStrike incident response retainer,” Bellotti said. “It’s not a question of if something happens, but when. Having a trusted partner we can engage instantly is critical. We looked at other options, but CrowdStrike’s professionalism, consistency, and quality of people set them apart.”

Eight years after stopping ransomware in its tracks, Bellotti’s confidence in CrowdStrike hasn’t wavered. “CrowdStrike has always done what they said they’d do,” she concluded. “If something changes, they reset expectations early. That’s rare in this industry. Their say-do ratio is 100%.”

Challenges

  • Complex attack surface across multiple divisions and critical infrastructure environments
  • Lack of visibility into identity-based threats and compromised credentials
  • Inefficient, legacy vulnerability management tools lacking context and prioritization
  • Manual security and IT workflows slowing response and remediation efforts

Results

  • Reduction in remediation from months to days, with the Falcon sensor
  • 80% reduction in password reset calls
  • Vulnerability analysis per issue shifted from hours to minutes
  • Detected and contained hands-on-keyboard intrusion in under 1 hour with OverWatch

CrowdStrike Solutions

  • Falcon Complete Next-Gen MDR
  • Falcon Exposure Management
  • Falcon Fusion SOAR
  • Falcon Next-Gen Identity Security
  • Falcon Next-Gen SIEM
  • Services Retainer
  • Falcon Adversary OverWatch™