Pentesec

A new CISO was hired to rebuild the cyber security operations at a Digital Infrastructure Provider. Poor network visibility meant that they were unable to accurately measure their risk exposure, and this became an urgent priority. Pentesec proposed two managed security solutions, powered by Rapid7: Security Information & Event Management (SIEM) and Vulnerability Management (VM).

THE CHALLENGE: LACK OF VISIBILITY ACROSS THE BUSINESS MADE PRIORITISING THREATS DIFFICULT

This led them to seek a solution that could provide visibility, uncover system vulnerabilities and build their team’s security knowledge.

The customer knew that many vendors used usage metrics to price their services and was concerned about unexpectedly high bills. They wanted a cloud-based solution that was quick to deploy, with no unexpected licensing costs.

The customer approached Pentesec to learn more about our Security Operations Centre.

We had visibility gaps and consequently things were not as they should have been. Things were not configured in the right way, so identifying issues was a challenge.

We couldn't measure our exposure, if we were open to attack, there was a real fear of the unknown.

- Customer CISO

THE SOLUTION: PENTESEC PROPOSED TWO CLOUD-BASED MANAGED SECURITY SERVICES, POWERED BY RAPID7

Security Information & Event Management (SIEM) and Vulnerability Management (VM)

This enabled the customer to gather information about events happening on their network and proactively see what issues they needed to resolve. The customer was able to use the service ‘out of the box’ with pre-built systems designed to ingest data from across their network.

Where systems were not automatically compatible with Rapid7, parsing rules were created to convert data into a format Rapid7 could alert against.

OUTCOMES

As soon as the service was activated, the customer had full network visibility and was able to identify which areas required their immediate attention.

Several areas that they had labelled as ‘not at risk’ were highlighted. Long-forgotten legacy equipment was found, in use but not supported. Moving the business onto supported platforms became a priority and led to the biggest service benefit the customer highlighted:

OWNERSHIP

Visibility quickly drove ownership, holding people accountable for maintaining systems that they previously didn’t know were there. No specific person was responsible for managing the legacy platforms, so they had been left untouched, out of support and long forgotten.

That's probably the biggest piece, because once you can pin it on somebody and say: "This is yours, I'm going to hold you to account for the correct configuration, management and patching", you can then drive them to a path of better network hygiene.

- Customer CISO

Historically the team had struggled to justify resource investment.

Having full visibility of their infrastructure and assigning responsibility for each service made it easy for the CISO to articulate where their biggest issues were and highlight weaknesses within the business that required investment.

Working with Pentesec is one of the more enjoyable experiences I've had with a third party, mainly because the people understand the challenge.

They're not there to just try and sell me licences or devices, there's a real partnership feel about it. The guys who interact with Pentesec at an engineering or monitoring level are constantly saying: ‘These guys are responsive; they understand what we need to do and it's not a battle!’

We work with vendors where it really is a battle. We have to push them quite hard, just to get the basics, but they said it has been enjoyable working with you guys.

- Customer CISO
