National and regional market leader in express delivery services
Complex and diverse infrastructure
Lots of outdated hardware and software
Needed to deliver a full Asset Discovery
Detecting cyber threats and indicators of compromise, and ensuring best practices for IT and cyber security were being met
Mixed Linux and Windows operating systems
Hundreds of gigabytes of Windows log files processed
Full visibility into IT and ICT processes
10 instances of mission-critical and business-critical threats identified
Cyber strategic plan delivered to increase long-term cyber security posture
This express delivery company has more than 25,000 employees and operates close to 3,000 offices and automated parcel terminals nationwide.
The organisation’s newly appointed CISO and CIO needed a clear picture of their current cyber security posture and cyber risk exposure. They needed to know whether any previously undetected vulnerabilities existed on their network, since any that did could impede the company’s future development.
The company was in need of a comprehensive cyber audit that would complement their existing cyber security solutions and would not involve costly and time-consuming integrations.
The company decided to undertake its first cyber health check-up and chose a GuardYoo Compromise Assessment audit as it would fall within existing budgetary guidelines and deliver results within their preferred time frame.
GuardYoo’s Compromise Assessment audit proceeded as follows:
The GuardYoo Artifact Collector module processed hundreds of gigabytes of Windows log files and other relevant data that could help identify behavioural anomalies relating to employees, services, applications and network traffic.
The gathered data was then uploaded to a private instance within AWS, protected by encryption and two-factor authentication.
Throughout the audit the company had full visibility of proceedings via their secured private account, allowing them to monitor each phase and the validation process. GuardYoo proprietary algorithms prepared the data for analysis and the results were sent to the GuardYoo analytics engine.
Once the machine learning process was completed and initial findings were made available, expert security data analysts validated the results and added any additional context that was relevant.
The audit was then sent to the Threat Hunting team who delivered the final report.
The final version of the Audit was delivered in PDF format. The report shared all relevant metrics highlighting the nature of the vulnerabilities found and how serious they were.
Multiple instances of direct communication between internal hosts and external IP addresses and networks
Large numbers of BSODs (Blue Screen of Death crashes) identified
Instances of unauthorised PsExec use
Multiple cases of potentially dangerous remote-access software deployed across the network (e.g. TeamViewer, Ammyy Admin)
Multiple cases of spyware found on the network
Multiple instances of Windows log files being deleted without authorisation
As a result of GuardYoo’s Compromise Assessment audit, the company received better visibility of their network topology.
A strategic long-term plan and corrective actions were proposed based on this information.
Direct communication between external IP addresses and the company’s internal network was identified, and evidence of intrusion was detected.
The presence of potentially dangerous remote-access software such as TeamViewer highlighted the possibility of unauthorised access to the network from a remote source.
A high volume of PsExec activity highlighted the possibility of compromised user accounts and external access to sensitive information.
The deletion of Windows log files indicated an attempt to hide the presence of malicious software on the network.
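The findings above (unauthorised PsExec use, remote-access tools, cleared Windows logs and BSOD clusters) can each be recognised from standard Windows event records. The script below is an added example, not GuardYoo’s code or part of the original report: it runs simple indicator checks over a handful of constructed event records whose field names (`host`, `channel`, `event_id`, `installed_by`, `new_process`, and so on) are an assumed export schema rather than any real collector’s format. The event IDs themselves are documented Microsoft values (7045 service install, 1102 and 104 log cleared, 4688 process creation, 1001 BugCheck). The approved-user allowlist is hypothetical; in practice it would come from the organisation’s change records.

```python
"""Indicator triage over Windows event records (added example, not GuardYoo code).

The sample events are constructed for illustration. Field names are an assumed
export schema, not the layout of any particular collector.
"""
from collections import defaultdict

# Documented Windows event IDs used by the checks below:
#   7045  System    "A service was installed in the system" (PsExec installs PSEXESVC)
#   1102  Security  "The audit log was cleared"
#   104   System    "The System log file was cleared"
#   4688  Security  "A new process has been created"
#   1001  System    source BugCheck: "The computer has rebooted from a bugcheck" (BSOD)

# Executable names of the remote-access tools named in the findings.
REMOTE_ACCESS_TOOLS = {"teamviewer.exe", "teamviewer_service.exe", "aa_v3.exe"}

# Hypothetical allowlist: accounts permitted to run PsExec. Anything else is "unauthorised".
APPROVED_PSEXEC_USERS = {"CORP\\itops-admin"}

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    {"host": "wks-0417", "channel": "System", "event_id": 7045, "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe", "installed_by": "CORP\\svc_backup"},
    {"host": "wks-0417", "channel": "Security", "event_id": 1102, "user": "CORP\\svc_backup"},
    {"host": "wks-0555", "channel": "System", "event_id": 104, "user": "CORP\\jsmith"},
    {"host": "fs-02", "channel": "Security", "event_id": 4688,
     "new_process": r"C:\Users\jdoe\Downloads\AA_v3.exe", "user": "CORP\\jdoe"},
    {"host": "fs-02", "channel": "Security", "event_id": 4688,
     "new_process": r"C:\Windows\System32\notepad.exe", "user": "CORP\\jdoe"},
    {"host": "wks-0912", "channel": "System", "event_id": 1001, "source": "BugCheck"},
    {"host": "wks-0912", "channel": "System", "event_id": 1001, "source": "BugCheck"},
    {"host": "dc-01", "channel": "System", "event_id": 7045, "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe", "installed_by": "CORP\\itops-admin"},
]


def classify(event):
    """Return (category, detail) if the event matches an indicator, else None."""
    eid, chan = event.get("event_id"), event.get("channel")

    if chan == "System" and eid == 7045:
        svc = (event.get("service_name") or "").upper()
        path = (event.get("image_path") or "").upper()
        if "PSEXESVC" in svc or "PSEXESVC" in path:
            who = event.get("installed_by")
            if who in APPROVED_PSEXEC_USERS:
                return None  # sanctioned admin use, not reported
            return ("psexec", f"PsExec service installed by {who}")

    if (chan == "Security" and eid == 1102) or (chan == "System" and eid == 104):
        return ("log_cleared", f"{chan} log cleared by {event.get('user')}")

    if chan == "Security" and eid == 4688:
        image = event.get("new_process") or ""
        name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in REMOTE_ACCESS_TOOLS:
            return ("remote_access_tool", f"{name} started by {event.get('user')}")

    if chan == "System" and eid == 1001 and event.get("source") == "BugCheck":
        return ("bsod", "bugcheck recorded")

    return None


def triage(events):
    """Group matching events as {category: {host: [detail, ...]}}."""
    findings = defaultdict(lambda: defaultdict(list))
    for ev in events:
        hit = classify(ev)
        if hit:
            category, detail = hit
            findings[category][ev["host"]].append(detail)
    return {cat: dict(hosts) for cat, hosts in findings.items()}


def bsod_hotspots(findings, threshold=2):
    """Hosts with at least `threshold` bugchecks: candidates for closer inspection."""
    return sorted(h for h, d in findings.get("bsod", {}).items() if len(d) >= threshold)


def escalate(findings):
    """Hosts showing both unauthorised PsExec and a cleared log: lateral movement
    followed by anti-forensics, which warrants priority investigation."""
    psexec = set(findings.get("psexec", {}))
    cleared = set(findings.get("log_cleared", {}))
    return sorted(psexec & cleared)


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for category, hosts in result.items():
        for host, details in hosts.items():
            print(f"{category:20} {host:12} {'; '.join(details)}")
    print("BSOD hotspots:", bsod_hotspots(result))
    print("Escalate:", escalate(result))
```

The per-event checks are deliberately narrow: a 7045 for PSEXESVC is only reported when the installing account is outside the allowlist, so the output distinguishes unauthorised use from routine administration, which is the distinction the audit finding turns on. The `escalate` step is where a single host’s indicators combine into something more serious than either alone.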
GuardYoo’s Compromise Assessment audit confirmed that the company's existing level of cyber security was not fit for purpose and there was a high chance that any future attacks would go undetected.
The results of the Compromise Assessment were of real value to the newly appointed Information Security Management team: they were given a clear picture of the organisation’s true cyber posture and a prioritised list of issues that needed to be addressed.
As a result of GuardYoo recommendations, the company was able to significantly reduce the number of active threats to their network.
This gave the company’s Information Security team a great foundation to secure the organisation against future threats to their business.