The client is a provider of marketing communications services to customers worldwide. They operate through partner companies and have operating units in the United States, Canada, Europe, Jamaica, and Philippines. The client wanted to implement strict measures to mitigate risks posed by cybersecurity threats.
The client wanted to fully understand the cyber security risks affecting their business and employ necessary systems in place to reduce these risks. This required discovering, analyzing, codifying network and system level security vulnerabilities and flaws for better understanding of their technical and business environment. Based on this, they wanted to enhance the current security and compliance posture of their network infrastructure.
Marlabs studied the detailed profile of the client’s current security and compliance posture, conducted a comprehensive external vulnerability assessment, and provided corrective action plans and extensive ‘executive’ and ‘technical’ level documentation/reporting.
The assessment included the following:
- Network/system scanning
- Analysis of scanning results
- Verification and validation of any exploitable vulnerabilities discovered
Scanning was done for each location based on scope definition:
- Within IP range provided or specific IPs to include operating systems, Web servers, SMTP/POP servers, FTP servers
- Databases, LDAP servers, load balancers, switches and hubs
- In-depth vulnerability validation test for public-facing servers
- All common internet services, including Web, FTP, mail, (SMTP/POP/IMAP/Lotus Notes), DNS, database, telnet, SSH, and VPN services.
Marlabs provided the final report on their security and compliance posture, which included the following:
- Technical network vulnerability report: details of systems services vulnerabilities and resources
- Highest risk vulnerability report: vulnerabilities based on their impact on confidentiality, integrity, and availability of data
- Remediation plan: a strategy to efficiently resolve identified issues
- Enhance organizational security culture
- Increase stakeholder confidence
- Prepare and protect the organizational data
- Prevent, detect, and reduce adversity
- Improve agility and resilience
- Optimize economic and social value