
ERP Software Developer Ensures Major New Software Update is Secure for their wider Supply Chain Network with the Help of GuardYoo Compromise Assessment

Customer

ERP Software Developer

Industry

Software

Sector

B2B

Challenge

Highly demanding clients: most of the customer’s clients are reliant on their own critical infrastructure.


Mission critical project: in preparation for a major software update, the software developer needed to make sure the new release was secure and protected from potential external and internal threats.

Scope of Work

350+ workstations


100+ servers


Third-party data centers and cloud platforms

Results

The full and comprehensive assessment was finished within a week and critical anomalies were immediately addressed


The customer received a full overview of its complex IT infrastructure, including software updates


Risks were addressed quickly thanks to GuardYoo's recommendations.

Organisation

This customer is a well-established software development company providing ERP solutions. They employ 350 IT professionals, and their clients include high-profile manufacturing companies that are heavily reliant on their own critical infrastructure.

As IT operations are Business-Critical to both the ERP provider and their client base, the company needs to ensure they have a high standard of cyber security.

Because they are part of their clients' third-party supply chain, it is also important that they do not expose the other members of the supply chain to a breach, as this would cost them both financially and reputationally.

Challenge

Many of the ERP provider’s clients are connected to the Military, Oil & Gas and Energy sectors and operate in densely populated areas.

Cyber-attacks against such sectors can have disastrous implications such as environmental disaster or national security failure.

While preparing to deliver a major software update to their client base, the ERP provider felt it prudent to have a Compromise Assessment carried out on their systems before pushing the new software update out to their clients. They wanted full visibility of any vulnerabilities within their network to ensure no malicious software was present and that no gaps existed that could be exploited by attackers.

Approach

The ERP provider needed to know if there had been any previously undetected breaches on their network and so they chose GuardYoo to deliver a Compromise Assessment audit.

As the GuardYoo solution gathers and analyses historical data that is already available (it does not involve deploying people or devices to monitor the network), it satisfied the ERP provider’s needs.

Process

As the ERP provider has a relatively small infrastructure but boasts a high level of IT automation, all Windows Log Files were gathered within 2 days and uploaded to the GuardYoo cloud.

GuardYoo proprietary algorithms prepared the data for analysis and sent the results to the GuardYoo analytics engine.

GuardYoo technology ensured the customer had full visibility of proceedings via their secured private account, allowing them to monitor each phase and the validation process.

The entire network was mapped within a 24-hour period, and the mapping highlighted many areas that could potentially be exploited by hackers to gain access.

The final report was delivered to the customer in PDF Format.

The GuardYoo Threat Hunting Team outlined a detailed list of Corrective Actions that should be adopted by the ERP provider as part of their long-term strategic plan for cyber security.

KEY FINDINGS

Unauthorised use of PSEXEC on Business-Critical servers

Non-Encrypted sensitive data available to external connections

Multiple cases of Unauthorised Remote Access software being used

Malware present within the network which had been dormant for over 3 months

Multiple cases of Open Administrative Sessions between various servers

Results

7 cases of Critical Threats and 6 cases of Moderate Threats were discovered.

Examples of these threats included:

  • Unauthorised use of PSEXEC on Business-Critical servers by accounts that were potentially compromised. The pattern on these servers indicated a high possibility that attackers had previously gained access to the infrastructure.
  • Non-Encrypted authentication data was accessible via external connections.
  • The Unauthorised use of Remote Access tools highlighted a gap in the network that could be exploited by external attackers remotely.
  • Malware that had been dormant for over 3 months was discovered within the network, which indicated a successful attack had most likely occurred within the previous 12 months.
  • There was a large number of Open Admin Sessions still active between various servers.

As the majority of these findings were considered High Risk, the ERP provider’s IT security team immediately addressed the corrective actions outlined by GuardYoo.

“We offer our utmost gratitude to the GuardYoo team for a nearly instant compromise assessment service. We were very impressed with the fact that our urgent tasks could be solved so quickly and in such a concise manner”


CIO

Conclusion

GuardYoo’s Compromise Assessment audit led to a very important review of the ERP provider’s existing cybersecurity strategy.

Because of the nature of the vulnerabilities found and the potential threat to the wider Supply Chain, some software updates were postponed. GuardYoo’s Compromise Assessment audit helped the ERP provider’s Cyber Team identify which projects needed to be prioritised.

The ERP provider agreed that the Compromise Assessment audit provided much more relevant results in comparison to Penetration Tests taken in the past.

As a result, the customer committed to undertake regular GuardYoo Compromise Assessments as part of their overall cyber security strategy.