Case Study - Express Delivery Company
This express delivery company employs over 25,000 staff and operates close to 3,000 depots, including a large number of automated parcel delivery terminals.
The company’s newly appointed CISO and CIO required an accurate overview of their existing cyber security posture and any potential cyber risk exposure.
The newly installed team needed to know if any previously undetected vulnerabilities existed on their network, as any such vulnerabilities could impede the organisation’s future development.
The company wanted to conduct a comprehensive cyber audit that could be delivered outside of their existing framework and so would not involve costly and time-consuming integrations with existing cyber solutions, nor did they want the audit to tie up valuable internal resources.
The company decided to undertake its first in-depth cyber health check-up and chose a GuardYoo Compromise Assessment as it would deliver upon the project parameters, would fall within existing budgetary guidelines and deliver results within their preferred time frame.
GuardYoo’s Compromise Assessment audit would deliver the following:
- A full Asset Discovery
- In-depth analysis of cyber threats and Indicators of Compromise
- Analysis of existing IT and Cyber policies to identify if best practices were being met
- Highlight any violations of company compliance policies within the organisation
The GuardYoo Artefact Collector module gathered and encrypted over six months of log data that would help identify any behavioural anomalies relating to employees, services, apps and network traffic.
The gathered data was then uploaded to a private instance within AWS to ensure the highest levels of security.
GuardYoo’s proprietary algorithms then prepared the data for analysis, and the results were sent to the GuardYoo analytics engine, which generated the final assessment report.
Throughout the Compromise Assessment, the company’s security team had full visibility of proceedings via their secure private dashboard, allowing them to monitor each phase of the assessment.
Once the machine learning process was completed and initial findings were made available, an expert security Data Analyst validated the results and added any additional context that was relevant before the report was released to the company’s security team.
The final version of the audit was delivered in PDF format. The report shared all relevant metrics, highlighting the nature of the vulnerabilities found, how serious they were and recommendations on how to address them. The headline findings were:
- Multiple instances of direct communication with external IP addresses and networks
- Large numbers of BSODs (Blue Screens of Death) identified
- Instances of unauthorised PsExec use
- Multiple cases of potentially dangerous software deployed across the network (e.g. TeamViewer, Ammyy Admin)
- Multiple cases of spyware found on the network
- Multiple instances of Windows log files being deleted without authorisation
“As a newly appointed CISO, I had an urgent need to get an accurate picture of the company’s IT infrastructure. Without GuardYoo's automated compromise assessment this would have taken months of hard work. GuardYoo's compromise assessment report gave me a precise understanding of what needed to be done immediately to fix security flaws and proceed with infrastructure security development.” CISO, Express Delivery Company
Compromise Assessment Results
As a result of GuardYoo’s Compromise Assessment, the company received enhanced visibility of their network topology.
Examples of some of the findings made by GuardYoo were:
- 10 instances of business-critical cyber threats were detected
- Multiple Indicators of Compromise (IOCs) were identified
- Multiple vulnerabilities in IT and Cyber practices were identified
- Direct communication between external IP addresses and the company’s internal network was identified
- The use of Potentially Unwanted Programs (PUPs) such as TeamViewer was highlighted
- A high amount of PsExec activity highlighted the possibility of compromised user accounts
- The deletion of Windows log files indicated an attempt to hide malicious activity
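As an added example (not GuardYoo's code and not part of the original case study), the following Python checks flattened Windows event records for two of the findings listed above: PsExec-style remote service installation (System event 7045 carrying the default PSEXESVC service name) and event-log clearing (Security event 1102, System event 104), then pairs the two when they occur on the same host within a short window, which is the combination the report reads as an attempt to hide activity. The event records, host names and user names are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample of Windows events as JSON lines, the shape a log forwarder
# might ship. Hosts, users and timestamps are invented for this example.
SAMPLE_EVENTS = r"""
{"ts": "2023-03-01T08:01:12Z", "host": "DEPOT-017", "channel": "System", "event_id": 7045, "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe", "user": "CORP\\jsmith"}
{"ts": "2023-03-01T08:03:40Z", "host": "DEPOT-017", "channel": "Security", "event_id": 1102, "user": "CORP\\jsmith"}
{"ts": "2023-03-01T09:15:00Z", "host": "HQ-FS01", "channel": "System", "event_id": 7045, "service_name": "BackupAgent", "image_path": "C:\\Program Files\\Backup\\agent.exe", "user": "CORP\\svc_backup"}
{"ts": "2023-03-01T10:20:05Z", "host": "DEPOT-042", "channel": "System", "event_id": 104, "user": "CORP\\admin2"}
{"ts": "2023-03-01T11:00:00Z", "host": "DEPOT-042", "channel": "Security", "event_id": 4624, "user": "CORP\\driver7"}
"""

LOG_CLEARED_IDS = {1102, 104}   # 1102: Security audit log cleared; 104: System log cleared
SERVICE_INSTALLED_ID = 7045     # "A service was installed in the system"
PSEXEC_MARKERS = ("PSEXESVC",)  # default service name PsExec registers on the target

def classify(event):
    """Return a finding label for one event, or None if it is not of interest."""
    eid = event.get("event_id")
    if eid in LOG_CLEARED_IDS:
        return "log_cleared"
    if eid == SERVICE_INSTALLED_ID:
        name = (event.get("service_name") or "").upper()
        path = (event.get("image_path") or "").upper()
        if any(m in name or m in path for m in PSEXEC_MARKERS):
            return "psexec_service_install"
    return None

def scan(jsonl):
    """Parse JSON lines and keep only events that match a finding."""
    findings = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        kind = classify(ev)
        if kind:
            findings.append({"kind": kind, "host": ev["host"], "user": ev.get("user"), "ts": ev["ts"]})
    return findings

def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def correlate(findings, window_minutes=30):
    """Pair a PsExec service install with a later log clear on the same host within the window."""
    installs = [f for f in findings if f["kind"] == "psexec_service_install"]
    clears = [f for f in findings if f["kind"] == "log_cleared"]
    pairs = []
    for i in installs:
        for c in clears:
            if c["host"] != i["host"]:
                continue
            minutes = (_parse_ts(c["ts"]) - _parse_ts(i["ts"])).total_seconds() / 60
            if 0 <= minutes <= window_minutes:
                pairs.append((i["host"], i["user"], c["user"], round(minutes, 1)))
    return pairs

if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for f in found:
        print(f)
    print("install followed by log clear:", correlate(found))
```

A lone 7045 from a legitimate agent (HQ-FS01 above) is not flagged, and a log clear with no preceding remote service install (DEPOT-042) is reported but not paired.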
A strategic long-term plan and corrective actions were proposed based on the information shared in the GuardYoo report.
GuardYoo’s Compromise Assessment confirmed that the company's existing level of cyber security was not fit for purpose and there was a high chance that any future attacks would go undetected.
The results of the Compromise Assessment were of real value to the newly appointed Information Security Management team as they were given a clear picture of the organisation’s true Cyber Posture and now had a list of issues that needed to be addressed as a priority.
As a result of GuardYoo recommendations, the company was able to significantly reduce the number of active threats to their network.
This gave the company’s Information Security team a great foundation to secure the organisation against future threats to their business.