The customer had a fairly mature network model that had been neglected for a number of months. A large number of objects captured by their automated configuration-update system had never been placed in the model, the software version was out of date, and a backup appliance had been lost or misplaced in transit to their disaster-recovery datacenter. The customer also wanted a full reconciliation of their CDE (cardholder data environment), DMZ and user subnets, as well as customized device-hardening and best-practice checks.
While working through the physical and logistical steps of locating and deploying the backup appliance and upgrading and testing all systems, we reconciled the client's master list of subnet designations against the corresponding containers in the model, making adjustments where necessary. We cleaned up the network topology map by sorting and correctly placing the objects that had been neglected over time, along with the additional devices and subnets discovered when we migrated the system to the new CMDB. We addressed the client's model issues and greatly reduced the number of reported violations by identifying devices requiring remediation, correcting how devices were displayed within the tool and, where appropriate and documented, suppressing instances approved by client management.

We highlighted a number of legacy network connections that were identified as potential access (and threat) vectors but are not currently in use because of routing policies. We also identified unexpected connectivity into subnets that were thought to be secure, and were able to quickly pinpoint both the path and the specific firewall rules (by line number) that permitted this access. With this information the security architects were immediately able to research the business decisions behind the access and take appropriate action. In some cases this led to changes in network configuration; in others, the business decision was documented and approved within the tool itself.
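The two checks described above, reconciling a master subnet list against what the model actually contains and locating the permit rules (by line number) that expose a protected subnet to outside sources, can be reproduced outside any modelling tool. The following is an added example written for this page, not the client's tooling or the product's own API; the rule-base syntax, the subnet lists and the first-match/shadowing logic are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample rule base (hypothetical syntax: action src dst port).
# Line numbers are counted from the file, comments included, so findings
# can be reported by the same line number an engineer sees in the config.
RULEBASE = """\
# CDE edge firewall - constructed sample
deny   10.50.0.0/16    10.10.0.0/16   any
permit 10.50.1.0/24    10.10.20.0/24  1433
permit 192.168.5.0/24  10.10.20.0/24  443
permit 10.10.0.0/16    10.10.0.0/16   any
permit 0.0.0.0/0       10.10.30.0/24  22
permit 172.16.0.0/12   192.168.0.0/16 any
"""

CDE_SUBNETS = ["10.10.0.0/16"]  # constructed: the subnets thought secure


@dataclass
class Rule:
    line: int
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: str  # "any" or a port number as a string


def parse_rules(text):
    """Parse the constructed rule syntax, keeping file line numbers."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        action, src, dst, port = parts
        rules.append(Rule(line_no, action.lower(),
                          ipaddress.ip_network(src, strict=False),
                          ipaddress.ip_network(dst, strict=False), port))
    return rules


def shadowing_deny(rule, earlier):
    """First-match semantics: an earlier deny that fully covers the rule's
    source, destination and port means the permit never takes effect."""
    for e in earlier:
        if (e.action == "deny" and rule.src.subnet_of(e.src)
                and rule.dst.subnet_of(e.dst)
                and e.port in ("any", rule.port)):
            return e
    return None


def find_exposures(rules, protected_cidrs):
    """Return permit rules whose destination touches a protected subnet
    while the source lies outside it. Shadowed rules are still reported
    (as dormant) because they become live the moment the deny is edited."""
    protected = [ipaddress.ip_network(c) for c in protected_cidrs]
    findings = []
    for i, r in enumerate(rules):
        if r.action != "permit":
            continue
        touches = any(r.dst.overlaps(p) for p in protected)
        src_inside = any(r.src.subnet_of(p) for p in protected)
        if touches and not src_inside:
            deny = shadowing_deny(r, rules[:i])
            findings.append({
                "line": r.line, "src": str(r.src), "dst": str(r.dst),
                "port": r.port, "shadowed_by": deny.line if deny else None,
            })
    return findings


def reconcile(master_cidrs, model_cidrs):
    """Subnets on the master list missing from the model, and subnets in
    the model the master list does not know about."""
    master = {ipaddress.ip_network(c) for c in master_cidrs}
    model = {ipaddress.ip_network(c) for c in model_cidrs}
    return ([str(n) for n in sorted(master - model)],
            [str(n) for n in sorted(model - master)])


if __name__ == "__main__":
    for f in find_exposures(parse_rules(RULEBASE), CDE_SUBNETS):
        state = f"dormant (shadowed by line {f['shadowed_by']})" if f["shadowed_by"] else "LIVE"
        print(f"line {f['line']}: {f['src']} -> {f['dst']} port {f['port']}: {state}")
    missing, unexpected = reconcile(
        ["10.10.20.0/24", "10.10.30.0/24", "10.20.0.0/24"],   # constructed master list
        ["10.10.20.0/24", "10.10.30.0/24", "10.99.0.0/24"])   # constructed model contents
    print("missing from model:", missing, "unexpected in model:", unexpected)
```

Running this on the constructed data flags line 4 (a user-subnet source reaching the CDE on 443) and line 6 (any source reaching the CDE on 22) as live exposures, and line 3 as dormant because the deny on line 2 shadows it. The dormant case is worth keeping in the report: it is the same situation as a legacy path that only routing policy keeps closed, and it reopens silently if the upstream rule is changed.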