National provider of
with 70+ offices
B2C, B2B, B2G
Large infrastructure with outdated hardware and software
Capacity constraints in both IT and cyber security areas
Tight deadlines to be ready for national elections
Dozens of gigabytes of logs processed, and the final report delivered within two weeks
Full visibility into the IT and
10+ groups of critical threats found
Comprehensive, practical and rapid remediation actions recommended
With 24,000 employees and an aged infrastructure, this company is the largest provider of telecommunications, phone and internet services in a country with a population of over 20 million people.
Along with providing a range of services such as data transmission, internet, cloud services and DDoS protection, the organisation also plays a crucial role in setting up and operating digital connections between government agencies and local authorities across the country.
Tasked with providing the digital backbone for the state's national elections, the company needed assurance that its network infrastructure was free of exploitable vulnerabilities and of any previously undetected breaches.
The company wanted more information regarding the security of their infrastructure and visibility of any potential vulnerabilities and so engaged GuardYoo to deliver a Compromise Assessment audit to answer some critical questions:
The GuardYoo Compromise Assessment engine processed thousands of log files within a matter of hours, highlighting previously unnoticed anomalies in user behaviour, network services, installed applications and network traffic. Historically, an audit of this kind can take up to 12 weeks to reach this level of detail; here, the GuardYoo Artifact Collector module gathered hundreds of gigabytes of log data from the organisation's infrastructure within a matter of days.
GuardYoo processed the collected data on AWS, relying on its encryption and two-factor authentication to protect the data and control access to it.
Once all data was uploaded to the cloud, the company had full visibility of proceedings via their secured private account, allowing them to monitor each phase and the validation process. GuardYoo proprietary algorithms prepared the data for analysis and sent the results to the GuardYoo analytics engine.
Once the machine learning process was completed and initial findings were made available, expert security data analysts validated the results and added any additional context that was relevant.
The final audit report was delivered as a PDF. It set out the relevant metrics, the nature of each vulnerability found and how serious it was.
The company had missed multiple earlier brute-force attacks
The authentication policies used by the company were substandard
The audit highlighted numerous violations of user account management policies
The company was allowing the use of plaintext passwords
A large amount of unauthorised software was deployed across the network
Unauthorised use of PsExec was observed
Several kinds of malware were present across the network: Trojans, coin miners and WannaCry
Instances of ransomware were present on the network but had not yet been activated
Windows log files had been deleted without authorisation
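Three of the findings above (brute-force logon bursts, PsExec use and audit-log clearing) can be pulled out of exported Windows Security and System event records with straightforward correlation rules. The block below is an added illustration of that, not GuardYoo's engine or code; the event records, the threshold of 10 failures within 10 minutes, the internal address ranges and the `jump01` allowlist are all constructed assumptions:

```python
"""Triage exported Windows event records for brute-force logons, PsExec
service installs and audit-log clearing, then correlate by account.
Added illustration with constructed data; not the vendor's code."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: the organisation's internal ranges (RFC 1918).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: the only host where administrators are sanctioned to run PsExec.
PSEXEC_ALLOWED_HOSTS = {"jump01"}

# Constructed sample events. IDs follow Windows: 4625 failed logon, 4624 successful
# logon, 7045 new service installed (System log), 1102 audit log cleared.
EVENTS = [
    # 12 failed network logons for one account from one external address in ~6 minutes
    *[{"time": f"2023-01-10T02:0{i // 2}:{'00' if i % 2 == 0 else '30'}", "id": 4625,
       "host": "dc01", "user": "svc-backup", "src": "203.0.113.7", "logon_type": 3}
      for i in range(12)],
    # followed by a success for the same account from the same address
    {"time": "2023-01-10T02:06:10", "id": 4624, "host": "dc01", "user": "svc-backup",
     "src": "203.0.113.7", "logon_type": 3},
    # a single mistyped password at the console: not brute force
    {"time": "2023-01-10T09:15:00", "id": 4625, "host": "dc01", "user": "jsmith",
     "src": "10.20.1.55", "logon_type": 2},
    # PsExec service installed on a file server by the same account
    {"time": "2023-01-10T02:09:00", "id": 7045, "host": "fs02", "user": "svc-backup",
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXESVC.exe"},
    # PsExec on the sanctioned jump host: allowed
    {"time": "2023-01-10T11:00:00", "id": 7045, "host": "jump01", "user": "admin.ops",
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXESVC.exe"},
    # Security log cleared on the file server shortly afterwards
    {"time": "2023-01-10T02:30:00", "id": 1102, "host": "fs02", "user": "svc-backup"},
]


def is_external(src):
    return not any(ip_address(src) in net for net in INTERNAL_NETS)


def brute_force_alerts(events, threshold=10, window=timedelta(minutes=10)):
    """One alert per (source, account) pair that accumulates `threshold` failed
    logons inside a sliding `window`; notes whether a success followed the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["id"] in (4625, 4624):
            bucket = failures if e["id"] == 4625 else successes
            bucket[(e["src"], e["user"])].append(datetime.fromisoformat(e["time"]))
    alerts = []
    for (src, user), times in failures.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "user": user, "external": is_external(src),
                               "failures": len(times),
                               "success_after": any(s > t for s in successes[(src, user)])})
                break
    return alerts


def psexec_alerts(events, allowed_hosts=PSEXEC_ALLOWED_HOSTS):
    """PSEXESVC service installs (event 7045) on hosts outside the allowlist."""
    return [(e["host"], e["user"], e["time"]) for e in events
            if e["id"] == 7045 and e["host"] not in allowed_hosts
            and "psexesvc" in (e.get("service", "") + e.get("image", "")).lower()]


def log_clear_alerts(events):
    """Every audit-log clear (event 1102) is worth a look; it records who did it."""
    return [(e["host"], e["user"], e["time"]) for e in events if e["id"] == 1102]


def accounts_in_multiple_findings(events):
    """Accounts that appear in more than one alert type: the first ones to chase."""
    seen = defaultdict(set)
    for a in brute_force_alerts(events):
        seen[a["user"]].add("brute_force")
    for _, user, _ in psexec_alerts(events):
        seen[user].add("psexec")
    for _, user, _ in log_clear_alerts(events):
        seen[user].add("log_cleared")
    return {u: sorted(kinds) for u, kinds in seen.items() if len(kinds) > 1}


if __name__ == "__main__":
    print(brute_force_alerts(EVENTS))
    print(psexec_alerts(EVENTS))
    print(log_clear_alerts(EVENTS))
    print(accounts_in_multiple_findings(EVENTS))
```

On the constructed data the brute-force rule fires once, for `svc-backup` from the external address, and marks that a successful logon followed the burst; the same account then installs PsExec on `fs02` and clears its Security log, so the correlation step returns it as the account to investigate first. The single failure from `jsmith` and the PsExec install on the allowlisted jump host produce nothing.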
A high volume of remote activity on the network, including from unauthorised devices, made these security violations difficult to detect, but the GuardYoo engine found them.
Over 200 external brute-force attacks were identified; each required further investigation, and the passwords of the affected accounts had to be changed.
Some outdated authentication software, which was making the network vulnerable, was identified and needed to be updated as a priority.
User Account Management violations were identified and needed to be addressed as a priority, especially relating to New User Accounts and Password Changes.
Thanks to the GuardYoo Compromise Assessment Audit, the company was able to identify previously undetected cyber threats and vulnerabilities, together with the operational, financial, legal and reputational risks they carried.
Moreover, given the outdated state of the company's existing cyber security controls, there was a high probability that future cyber-attacks would also go undetected.
The company took on board the recommendations made by GuardYoo to update their cyber security infrastructure and adopted a cyber strategic plan to increase their long-term cyber security posture.