
GuardYoo Delivers Detailed Compromise Assessment Audit to a Nationwide Telecommunications Company

Customer

National provider of telecommunication services with 70+ offices

Industry

Telecommunications

Sector

B2C, B2B, B2G

Challenge

  • Large infrastructure with outdated hardware and software
  • Capacity constraints in both IT and cyber security areas
  • Tight deadlines to be ready for national elections

Scope of Work

  • 20,000+ workstations
  • 700+ servers
  • Distributed network

Results

  • Dozens of gigabytes of logs processed, and the final report delivered within two weeks
  • Full visibility into the IT and ICT processes
  • 10+ groups of critical threats found
  • Comprehensive, practical and rapid remediation actions recommended

Organisation

With 24,000 employees and an aged infrastructure, this company is the largest provider of telecommunications, phone and internet services in a country with a population of over 20 million people.

Challenge

Along with providing a range of services such as data transmission, internet, cloud services and DDoS protection, the organisation also plays a crucial role in setting up and operating digital connections between government agencies and local authorities across the country.

Tasked with providing the digital backbone to support the state’s national elections, the company needed to ensure their network infrastructure was free from vulnerability and any previously undetected breaches.

Approach

The company wanted more information regarding the security of their infrastructure and visibility of any potential vulnerabilities and so engaged GuardYoo to deliver a Compromise Assessment audit to answer some critical questions:

  • Has the IT infrastructure been compromised?
  • Do cyber criminals have undetected access to the network?
  • Are there any substandard IT management traits within the organisation?
  • Are there any devices/applications connected to the network that the IT team are not aware of?

Process

The GuardYoo Compromise Assessment engine was able to process thousands of log files within a matter of hours, highlighting previously unnoticed user behavioural anomalies, network services, unauthorised apps and network traffic. Historically, this type of audit can take up to 12 weeks to process and produce this level of information; however, the GuardYoo Artifact Collector module was able to gather hundreds of gigabytes of log data from the organisation's infrastructure within a matter of days.

GuardYoo utilised the world-class security features of AWS, including its encryption algorithms and two-factor authentication, to process the data collected.

Once all data was uploaded to the cloud, the company had full visibility of proceedings via their secured private account, allowing them to monitor each phase and the validation process. GuardYoo's proprietary algorithms prepared the data for analysis and sent the results to the GuardYoo analytics engine.

Once the machine learning process was completed and initial findings were made available, expert security data analysts validated the results and added any additional context that was relevant.

The final version of the Audit was delivered in PDF format. The report shared all relevant metrics highlighting the nature of the vulnerabilities found and how serious they were.

KEY FINDINGS

  • The company had missed multiple previous Brute Force Attacks
  • The authentication policies used by the company were substandard
  • The audit highlighted numerous violations of user account management policies
  • The company was allowing the use of plain text Passwords
  • A large amount of unauthorised software was deployed across the network
  • Instances of use of unauthorised PSEXEC
  • The company had various types of spyware deployed across the network: Trojans, CoinMiners, WannaCry
  • The company had instances of ransomware on the network that had not yet been activated
  • The company had instances of Windows log files being deleted without authorisation

Compromise Assessment Results
  • 10+ types of mission critical threats were detected
  • 5 types of business-critical cyber threats were detected

A high volume of remote activity on the network (including unauthorised devices) made the detection of these security violations difficult, but the GuardYoo engine was successful in finding these threats.

Over 200 external Brute Force Attacks were identified and had to be further investigated whilst the passwords for the related compromised accounts had to be changed.

Some outdated authentication software, which was making the network vulnerable, was identified and needed to be updated as a priority.

User Account Management violations were identified and needed to be addressed as a priority, especially relating to New User Accounts and Password Changes.
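The brute-force, PSEXEC and log-deletion findings above are the kind of signals a log-based compromise assessment surfaces. The script below is an added illustration written for this page, not GuardYoo's engine or any code from the case study: it runs three simple detections over a handful of constructed Windows event-log records. It assumes records carry the standard Windows event IDs (4625 failed logon, 4624 successful logon, 7045 service installed, 1102 audit log cleared) and PsExec's default service name PSEXESVC; the failure threshold and the sample IP addresses are illustrative choices.

```python
"""
Added example, not GuardYoo's code: three detections over constructed Windows
event-log records, mirroring the findings in this case study.
Assumptions: records are dicts with the fields used below; event IDs are the
standard Windows ones (4625 failed logon, 4624 logon, 7045 service installed,
1102 audit log cleared); PSEXESVC is PsExec's default service name. The
threshold of 10 failures is an illustrative choice.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample data: a burst of failed logons from one external address
# followed by a success, a PsExec service install, and a cleared security log.
SAMPLE_EVENTS = [
    *({"EventID": 4625, "TargetUserName": "admin", "IpAddress": "198.51.100.23", "Computer": "DC01"}
      for _ in range(25)),
    {"EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "10.0.5.17", "Computer": "WS-0417"},
    {"EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "10.0.5.17", "Computer": "WS-0417"},
    {"EventID": 4624, "TargetUserName": "admin", "IpAddress": "198.51.100.23", "Computer": "DC01"},
    {"EventID": 7045, "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe", "Computer": "WS-0417"},
    {"EventID": 7045, "ServiceName": "Backup Agent", "ImagePath": r"C:\Program Files\Backup\agent.exe",
     "Computer": "SRV-FILE02"},
    {"EventID": 1102, "SubjectUserName": "jsmith", "Computer": "WS-0417"},
]

# RFC 1918 ranges; anything outside them is treated as external for this example.
INTERNAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def is_external(ip):
    """True for a routable address outside the internal ranges; unparsable values are not external."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return not addr.is_loopback and not any(addr in net for net in INTERNAL_NETWORKS)


def detect_brute_force(events, threshold=10):
    """Map source IP -> number of failed logons (4625) for sources at or above the threshold."""
    failures = Counter(e["IpAddress"] for e in events if e.get("EventID") == 4625)
    return {ip: n for ip, n in failures.items() if n >= threshold}


def compromised_after_brute_force(events, threshold=10):
    """(account, source) pairs with a successful logon from a brute-forcing source: reset candidates."""
    sources = detect_brute_force(events, threshold)
    return sorted({(e["TargetUserName"], e["IpAddress"]) for e in events
                   if e.get("EventID") == 4624 and e["IpAddress"] in sources})


def detect_psexec(events):
    """Hosts where a service named PSEXESVC was installed (7045 in the System log)."""
    return sorted({e["Computer"] for e in events
                   if e.get("EventID") == 7045 and e.get("ServiceName", "").upper() == "PSEXESVC"})


def detect_log_clearing(events):
    """(host, user) pairs for security-log-cleared events (1102)."""
    return sorted({(e["Computer"], e.get("SubjectUserName", "?")) for e in events
                   if e.get("EventID") == 1102})


def run_assessment(events):
    """Aggregate all detections into one report dict."""
    brute_force = detect_brute_force(events)
    return {
        "brute_force_sources": brute_force,
        "external_brute_force_sources": sorted(ip for ip in brute_force if is_external(ip)),
        "accounts_to_reset": compromised_after_brute_force(events),
        "psexec_hosts": detect_psexec(events),
        "log_clearing": detect_log_clearing(events),
    }


if __name__ == "__main__":
    for name, value in run_assessment(SAMPLE_EVENTS).items():
        print(f"{name}: {value}")
```

The three detections are deliberately independent so that each finding on the page maps to one function; in a real assessment the same records would be joined by host and time so that a log-clear event on the host that received the PsExec service, as in the sample, is scored as one chain rather than three unrelated hits.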


“We were amazed by how accurate and quick GuardYoo’s detection was, and how detailed the findings were. For years we were searching for information security violations, while GuardYoo in just a couple of days gave us better results than we could expect.”


Telecom CIO

Conclusion

Thanks to the GuardYoo Compromise Assessment Audit, the company was able to reveal and identify previously undetected cyber threats and vulnerabilities, as well as the operational, financial, legal and reputational risks associated with them.

Moreover, considering the outdated nature of the company's existing cyber security controls, there was a high probability that any future cyber-attacks would go undetected.

The company took on board the recommendations made by GuardYoo to update their cyber security infrastructure and adopted a strategic cyber plan to strengthen their long-term cyber security posture.