Technical Risk Assessment for a $100mn US-based Software Service Provider
Overview
The client is a $100 million US-based multinational software service provider, specializing in commodity management platforms. They experienced a critical security breach when their Linux machine, hosting crucial software source code, was compromised. To mitigate risks and bolster their security posture, the company partnered with ACL Digital to devise a comprehensive technical risk assessment across their infrastructure assets, including both on-premise and public cloud environments.
Download Case Study
Challenges
Applications hosted in a SaaS-based model on AWS cloud, lacked effective monitoring for security incidents
Vulnerability of web-facing applications due to lack of a robust security posture
Limited visibility into critical security incidents
Solution
- Vulnerability Assessment: A comprehensive vulnerability assessment was carried out on AWS cloud infrastructure and externally exposed IP addresses
- Code Review: A detailed code review was performed on the critical application infrastructure to uncover security flaws
- Penetration Testing: Both Black Box and Grey Box penetration testing were executed on the cloud and on-premise infrastructure assets
- Application Security Testing: Security testing of applications was conducted based on OWASP (Open Web Application Security Project) and NIST (National Institute of Standards and Technology) standards
- Red Teaming Exercise: The exercise was conducted to simulate advanced persistent threats and assess the organization’s readiness and response capabilities
Outcomes
100% Reduction in Critical Vulnerabilities
The assessment led to the complete elimination of critical vulnerabilities, greatly enhancing defense against potential exploits
50% Improvement in Security Posture
The overall security posture improved, reflecting an enhancement in the detection, response, and mitigation of security threats effectively