The Challenge:

Company D is a multi faceted business having in its portfolio property company, nursing homes and Import/Export. It’s geographic locations are split across three continents. The primary concern of the company was the invisible threat exposed by vulnerabilities on its internet facing services. It needed these entry points to be scanned, any vulnerabilities identified and remediated.

The Process:

Periodic scanning on its IP addresses undertaken. From the scans Ports and services were investigated to ensure the company security policy on open ports were being followed; highlight any vulnerabilities and any exposed ports/services which should not be accessible from the internet. The services were then analyzed to ensure the software was up to date and did not contain any vulnerabilities which would lead to a compromise of the internal network. A report is generated to give to management to highlight any concerns and the remediation recommendation.

The Results:

A number of vulnerabilities were identified which could lead to a compromise, which in turn could lead to a compromise of the internal systems. These were remediated and any future known vulnerabilities would be identified and remediated. While there was no compromise of the system this could have ended very differently if a malicious agent had found the vulnerabilities and exploited them.

Call For Action:

It is the vulnerability that is not noticed that leads to a compromise. Ensure that the Organisation practices good defense in depth and is aware of the attack surface. This is a good follow up to our Threat Modelling service, which would map out the threats and attack surfaces of the company. Feel free to contact us to have a discussion on how we could map the threats and the actions to be taken to control these threats.