Case Study - Nationwide Telecommunication Company
With 24,000 employees, this company is one of the largest telecommunications providers in its region, delivering phone and internet services in a country with a population of over 20 million people.
Along with services such as data transmission, internet, cloud hosting and DDoS protection, the organisation also delivers the digital links between government agencies and local authorities across the country.
Tasked with providing the digital backbone for the state's national elections, the company needed assurance that its ageing network infrastructure held no previously undetected breaches and was free of exploitable vulnerabilities.
The company wanted a higher degree of visibility regarding the security of their infrastructure and details of any potential vulnerabilities. GuardYoo was selected to deliver a Compromise Assessment to answer some critical questions:
- Has the IT infrastructure been compromised?
- Do cyber criminals have access to the network?
- Are the current cyber security policies fit for purpose?
- Are there any Potentially Unwanted Programmes (PUPs) being used on the network?
The GuardYoo Compromise Assessment engine processed thousands of log files within a matter of hours, highlighting previously unnoticed anomalies in user behaviour, unauthorised network services, unauthorised applications and suspicious network traffic.
Historically, an audit of this depth can take up to 12 weeks to complete. Here, the GuardYoo Artefact Collector module gathered hundreds of gigabytes of log data from the organisation's infrastructure within a matter of days.
The collected data was processed on AWS, making use of its security controls, including encryption and two-factor authentication.
Once the data was uploaded, the company had full visibility of the process through its secured private account and could monitor each phase. GuardYoo's proprietary algorithms prepared the data for analysis and passed the results to the GuardYoo analytics engine.
Once the machine learning process was completed and initial findings were made available, an expert security data analyst validated the results and added any additional relevant context.
The final audit was delivered as a PDF report presenting the relevant metrics, the nature of the vulnerabilities found and their severity. Key findings:
- The company had missed multiple previous brute-force attacks.
- The authentication policies in use were substandard.
- There were numerous violations of user account management policies.
- Plain-text passwords were permitted.
- A large amount of unauthorised software was deployed across the network.
- There were instances of unauthorised PsExec use.
- Various types of spyware were deployed across the network.
- Ransomware was present on the network but had not yet been activated.
- Windows log files had been deleted without authorisation.
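Three of the findings above (missed brute-force attacks, unauthorised PsExec use and deleted Windows logs) can be recovered from standard Windows event logs, which is why collecting artefacts rather than relying on live alerting matters. The script below is an added illustration of that kind of log-based check and is not GuardYoo's engine or any code from the engagement. It uses the standard Windows event IDs 4625 (failed logon), 4624 (successful logon), 7045 (service installed) and 1102 (Security log cleared). The sample events, the thresholds and the `approved_hosts` allow-list are constructed assumptions for the example.

```python
"""Illustrative compromise-assessment checks over Windows event records.
Added example; not code from the case study or from GuardYoo."""
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows event IDs (Security log unless noted).
FAIL, SUCCESS, SERVICE_INSTALLED, LOG_CLEARED = 4625, 4624, 7045, 1102   # 7045 is in the System log


def _ev(ts, eid, **fields):
    return {"ts": datetime.fromisoformat(ts), "id": eid, **fields}


# Constructed sample events modelled on the fields Security/System entries carry.
# Illustrative only; they are not data from the engagement.
EVENTS = [
    *[_ev(f"2023-03-01T02:00:{s:02d}", FAIL, host="DC01", user="svc_backup", src_ip="203.0.113.7")
      for s in range(1, 31, 5)],                                   # 6 failures in 30 seconds
    _ev("2023-03-01T02:00:40", SUCCESS, host="DC01", user="svc_backup", src_ip="203.0.113.7", logon_type=3),
    _ev("2023-03-01T02:05:00", SERVICE_INSTALLED, host="FS01", service="PSEXESVC",
        image=r"%SystemRoot%\PSEXESVC.exe"),                          # PsExec's default service
    _ev("2023-03-01T02:06:10", LOG_CLEARED, host="FS01", user="svc_backup"),
    _ev("2023-03-01T09:00:00", FAIL, host="DC01", user="jsmith", src_ip="10.0.0.25"),   # a single typo
]


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """One finding per (host, source IP) with >= threshold 4625s inside `window`.
    A 4624 from the same IP for a targeted account within the window marks it compromised,
    which is what drives the password-reset action in the report."""
    fails = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == FAIL:
            fails[(e["host"], e["src_ip"])].append(e)
    findings = []
    for (host, ip), evs in fails.items():
        for i, first in enumerate(evs):
            burst = [x for x in evs[i:] if x["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            targets = {x["user"] for x in burst}
            success = [s for s in events if s["id"] == SUCCESS and s.get("src_ip") == ip
                       and s["user"] in targets and first["ts"] <= s["ts"] <= first["ts"] + window]
            findings.append({"type": "brute_force", "host": host, "src_ip": ip,
                             "attempts": len(burst), "accounts": sorted(targets),
                             "compromised": sorted({s["user"] for s in success})})
            break  # one finding per source is enough for the report
    return findings


def detect_psexec(events, approved_hosts=frozenset()):
    """7045 whose service name or image path is PsExec's PSEXESVC.
    `approved_hosts` (an assumption here) lets a sanctioned admin jump box pass.
    Note: PsExec -r renames the service, so a name match alone is not exhaustive."""
    return [{"type": "psexec", "host": e["host"], "ts": e["ts"].isoformat(), "image": e["image"]}
            for e in events if e["id"] == SERVICE_INSTALLED and e["host"] not in approved_hosts
            and "PSEXESVC" in (e.get("service", "") + e.get("image", "")).upper()]


def detect_log_clearing(events):
    """1102 is written after the Security log is cleared and is the entry that survives the wipe,
    so its presence is itself the evidence of unauthorised log deletion."""
    return [{"type": "log_cleared", "host": e["host"], "by": e["user"], "ts": e["ts"].isoformat()}
            for e in events if e["id"] == LOG_CLEARED]


def run_assessment(events, approved_hosts=frozenset()):
    """All findings, ordered as they would appear in a report."""
    return detect_brute_force(events) + detect_psexec(events, approved_hosts) + detect_log_clearing(events)


if __name__ == "__main__":
    for f in run_assessment(EVENTS):
        print(f)
```

On the constructed input the script reports one brute-force source (203.0.113.7, six attempts, `svc_backup` compromised), one PsExec service installation on FS01 and one Security log wipe on FS01 by the same account; the single failed logon for `jsmith` stays below the threshold and is not reported. In a real assessment the thresholds are tuned against the environment's baseline, which is exactly where the "high volume of remote activity" mentioned later in this case study makes the tuning hard.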
“We were amazed by how accurate and quick GuardYoo’s detection was, and how detailed the findings were. For years we were searching for information security violations, while GuardYoo in just a couple of days gave us better results than we could expect.” (CIO, Telecommunications Company)
Compromise Assessment Results
- 10+ instances of business-critical vulnerabilities were detected
- 5 instances of imminent cyber threats were detected
A high volume of remote activity on the network, including from unauthorised devices, made these security violations difficult to detect, but the GuardYoo engine found them.
Over 200 external brute-force attacks were identified; each required further investigation, and the passwords of the compromised accounts involved had to be changed.
Outdated authentication software left the network exposed to outside attack and needed to be updated as a priority.
User account management violations relating to new user accounts and password changes were identified and also needed to be addressed as a priority.
Following the GuardYoo Compromise Assessment, the company identified previously undetected breaches and vulnerabilities.
Considering the outdated nature of the company’s existing cyber security controls, there was a high probability that any future cyber-attacks would go undetected.
The company took on board the recommendations made within the GuardYoo report to update its cyber security infrastructure and design a new cyber strategic plan to improve its long-term cyber security posture.