
Case Study - Nationwide Telecommunications Company

Organisation

With 24,000 employees, this company is one of the largest providers of telecommunications in their region, providing phone and internet services in a country with a population of over 20 million people.

Challenge

Along with providing services such as data transmission, internet access, cloud services and DDoS protection, the organisation also works with government bodies, delivering the digital connections between central government agencies and local authorities across the country.

Tasked with providing the digital backbone for the country's national elections, the company needed assurance that its ageing network infrastructure had not already been breached without its knowledge, and that it was free of exploitable vulnerabilities.

Approach

The company wanted a higher degree of visibility regarding the security of their infrastructure and details of any potential vulnerabilities. GuardYoo was selected to deliver a Compromise Assessment to answer some critical questions:

  • Has the IT infrastructure been compromised?
  • Do cyber criminals have access to the network?
  • Are the current cyber security policies fit for purpose?
  • Are any Potentially Unwanted Programs (PUPs) being used on the network?

Process

The GuardYoo Compromise Assessment engine processed thousands of log files within a matter of hours, highlighting previously unnoticed user behaviour anomalies, unauthorised network services, unauthorised applications and unauthorised network traffic.

Historically, an audit of this type can take up to 12 weeks to produce this level of information. In this engagement, the GuardYoo Artefact Collector module gathered hundreds of gigabytes of log data from the organisation's infrastructure within a matter of days.

GuardYoo processed the collected data on AWS, relying on its security features, including encryption of the stored data and two-factor authentication for access.

Once all data had been uploaded to the cloud, the company had full visibility of the engagement through its secured private account and could monitor each phase of the process. GuardYoo's proprietary algorithms prepared the data for analysis and passed the results to the GuardYoo analytics engine.

Once the machine learning stage was complete and the initial findings were available, an expert security data analyst validated the results and added any further relevant context.

The final audit report was delivered in PDF format. It set out all relevant metrics, describing the nature of the vulnerabilities found and how serious they were.

Key Findings

  • The company had missed multiple previous brute force attacks
  • The authentication policies used by the company were substandard
  • The audit highlighted numerous violations of user account management policies
  • The company was allowing the use of plain text passwords
  • A large amount of unauthorised software was deployed across the network
  • There were instances of unauthorised PsExec use
  • The company had various types of spyware deployed across the network
  • The company had instances of ransomware on the network that had not yet been activated
  • The company had instances of Windows log files being deleted without authorisation

“We were amazed by how accurate and quick GuardYoo’s detection was, and how detailed the findings were. For years we were searching for information security violations, while GuardYoo in just a couple of days gave us better results than we could have expected.” CIO, Telecommunications Company

Compromise Assessment Results

  • 10+ instances of business-critical vulnerabilities were detected
  • 5 instances of imminent cyber threats were detected

A high volume of remote activity on the network, including activity from unauthorised devices, made these security violations difficult to detect, but the GuardYoo engine found them.

Over 200 external brute force attacks were identified. Each required further investigation, and the passwords of the associated compromised accounts had to be changed.

Outdated authentication software was leaving the network exposed to external attack and needed to be updated as a priority.

User account management violations relating to new user accounts and password changes were identified and needed to be addressed as a priority.
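The classes of finding listed under Key Findings and in the results above (brute force logons, a successful logon following them, PsExec use, clearing of Windows event logs, and account creation or password changes by unauthorised users) all leave traces in the Windows Security and System event logs. The following is an added example written for this page, not GuardYoo code and not a description of its engine: it runs simple detection rules over a handful of constructed event records. The event IDs are the standard Windows ones; the failure threshold, time window, allowlist of authorised administrators, account names and all sample records are assumptions.

```python
"""Detection rules for the finding classes on this page, run over constructed
Windows Security/System event records. Added example, not GuardYoo code."""
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows event IDs (real values).
FAILED_LOGON, LOGON_OK = 4625, 4624          # Security log
SERVICE_INSTALLED = 7045                      # System log: a new service was installed
LOG_CLEARED = 1102                            # Security log: the audit log was cleared
USER_CREATED, PASSWORD_RESET = 4720, 4724     # Security log: account management

# Policy knobs: assumptions for this example, not figures from the report.
BRUTE_FORCE_THRESHOLD = 5                     # failed logons per source IP ...
BRUTE_FORCE_WINDOW = timedelta(minutes=10)    # ... within this window
AUTHORISED_ADMINS = {"CORP\\svc_provision", "CORP\\helpdesk1"}   # hypothetical
PSEXEC_SERVICE = "PSEXESVC"                   # PsExec's default service name


def ts(s):
    return datetime.fromisoformat(s)


# Constructed records (field names simplified from the real EVTX/XML ones).
EVENTS = [
    {"t": ts("2024-03-01T02:00:01"), "id": 4625, "ip": "203.0.113.7", "user": "admin"},
    {"t": ts("2024-03-01T02:00:04"), "id": 4625, "ip": "203.0.113.7", "user": "admin"},
    {"t": ts("2024-03-01T02:00:09"), "id": 4625, "ip": "203.0.113.7", "user": "jsmith"},
    {"t": ts("2024-03-01T02:00:13"), "id": 4625, "ip": "203.0.113.7", "user": "jsmith"},
    {"t": ts("2024-03-01T02:00:20"), "id": 4625, "ip": "203.0.113.7", "user": "jsmith"},
    {"t": ts("2024-03-01T02:01:02"), "id": 4624, "ip": "203.0.113.7", "user": "jsmith"},
    {"t": ts("2024-03-01T08:15:00"), "id": 4625, "ip": "10.0.0.5", "user": "bob"},  # one typo, benign
    {"t": ts("2024-03-01T08:15:30"), "id": 4624, "ip": "10.0.0.5", "user": "bob"},
    {"t": ts("2024-03-01T03:10:00"), "id": 7045, "subject": "CORP\\jsmith", "service": "PSEXESVC"},
    {"t": ts("2024-03-01T09:00:00"), "id": 7045, "subject": "CORP\\svc_provision", "service": "BackupAgent"},
    {"t": ts("2024-03-01T03:12:00"), "id": 1102, "subject": "CORP\\jsmith"},
    {"t": ts("2024-03-01T03:15:00"), "id": 4720, "subject": "CORP\\jsmith", "target": "svc_updt"},
    {"t": ts("2024-03-01T10:00:00"), "id": 4720, "subject": "CORP\\helpdesk1", "target": "newhire"},
    {"t": ts("2024-03-01T03:16:00"), "id": 4724, "subject": "CORP\\jsmith", "target": "admin"},
]


def detect_brute_force(events, threshold=BRUTE_FORCE_THRESHOLD, window=BRUTE_FORCE_WINDOW):
    """One finding per source IP that produced >= threshold failed logons inside
    the window. A later successful logon from the same IP to an account it was
    guessing marks that account as compromised (password reset required)."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        if e["id"] == FAILED_LOGON:
            failures[e["ip"]].append(e)
    findings = []
    for ip, fails in failures.items():
        for i, first in enumerate(fails):               # sliding window start
            run = [f for f in fails[i:] if f["t"] - first["t"] <= window]
            if len(run) < threshold:
                continue
            targeted = {f["user"] for f in run}
            compromised = sorted({e["user"] for e in events
                                  if e["id"] == LOGON_OK and e["ip"] == ip
                                  and e["user"] in targeted and e["t"] >= run[-1]["t"]})
            findings.append({"source": ip, "attempts": len(fails),
                             "targeted": sorted(targeted), "compromised": compromised})
            break                                        # one finding per source
    return findings


def detect_psexec(events, authorised=AUTHORISED_ADMINS):
    """Service installs named PSEXESVC by anyone outside the admin allowlist.
    Caveat: psexec -r renames the service, so a production rule should also
    key on the service binary path and the named pipe, not the name alone."""
    return [e for e in events if e["id"] == SERVICE_INSTALLED
            and e["service"].upper() == PSEXEC_SERVICE and e["subject"] not in authorised]


def detect_log_clearing(events):
    """Every 1102 is reportable: clearing the Security log is never routine."""
    return [e for e in events if e["id"] == LOG_CLEARED]


def detect_account_mgmt(events, authorised=AUTHORISED_ADMINS):
    """Account creations and password resets performed by non-authorised subjects."""
    return [e for e in events if e["id"] in (USER_CREATED, PASSWORD_RESET)
            and e["subject"] not in authorised]


def assess(events):
    """Collect all finding classes into one report structure."""
    return {"brute_force": detect_brute_force(events),
            "psexec": detect_psexec(events),
            "log_cleared": detect_log_clearing(events),
            "account_mgmt": detect_account_mgmt(events)}


if __name__ == "__main__":
    for kind, hits in assess(EVENTS).items():
        print(f"{kind}: {len(hits)} finding(s)")
        for h in hits:
            print("   ", h)
```

On the sample data the brute force rule reports the single external source with five failures against two accounts and flags jsmith as compromised because a successful logon from the same source followed; the single failed logon from the internal host stays below threshold. The PsExec and account management rules both hinge on an allowlist of who is permitted to do these things, which is exactly the policy the report found to be substandard: without such a list there is nothing to compare against.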


Conclusion

Following the GuardYoo Compromise Assessment, the company identified previously undetected breaches and vulnerabilities.

Considering the outdated nature of the company’s existing cyber security controls, there was a high probability that any future cyber-attacks would go undetected.

The company took on board the recommendations made in the GuardYoo report, updating its cyber security infrastructure and designing a new strategic plan to improve its long-term cyber security posture.