Logistics Company Starts on a Journey to Mature their Security Program with SWC’s Vulnerability Assessment Offering
Finding and Remediating Technical Vulnerabilities to Close Doors for Attackers
|Number of employees||750|
A Chicago-based logistics company with a history of over 30 years continued to receive increasingly stringent cybersecurity audit questionnaires from its customers. They found that the larger the customers, the longer and more stringent the requirements. In parallel, the company struggled with upgrading, hardening and securing legacy applications which remain business critical. They realized the needed to assess their environment and start a plan of action for improving their cybersecurity posture.
The organization started with the approach of a vulnerability assessment to highlight initial critical technical issues visible on the internal and external network. They went through many cycles of due diligence to compare potential cybersecurity partners in the Chicagoland area and chose SWC based on the company’s track record, capabilities and talent. The desired outcome was to resolve critical issues as soon as possible and start on a path towards an improved security program. The customer knew this would help to protect the organization and help pass audits from customers and prospects.
|Technology & Services||Information Security|
A Chicago-based logistics company with over 750 employees wanted to improve its responses to increasingly stringent customer cybersecurity audits as well as protect its network. They knew if they could respond to customer audits with a strong score, they would continue or increase business from current customers as well as be in a better position to attract new business.
Security audit questionnaires were being sent from each customer to each of the company’s current and potential vendors. The responses were a factor in determining whether or not the customer should do business with the logistics company, and therefore impacted the company’s ability to grow the business.
Forming a Partnership
The logistics company partnered with SWC to review their points of security controls and provide a baseline rating of their current environment. From there, the logistics company and SWC worked in partnership to devise a plan-of-action to close the gaps and improve their overall security posture.
SWC started by discussing the network and working with the customer to define a sampling approach to vulnerability assessment. The analysis included workstations, servers, network devices, external-facing systems and web applications.
exposing the gaps
SWC’s vulnerability assessment offering identifies and verifies technical security holes (vulnerabilities) in a computer or network. The issues identified were gaps the software developer was not aware of until after being published. Common examples of vulnerabilities are accessing data without the need for a username and password (authentication). Some vulnerabilities have known exploits publicly available that can be used by anyone from “script-kiddies” to nation states to attack a network or system.
After initial discovery, SWC’s ethical penetration testing team analyzes and tests the vulnerabilities to determine a real risk severity rating. The result is a risk rating backed by a SWC as a security professional services firm.
Securing your Website
The logistics company wanted to include analysis of their public-facing web applications. SWC used a network vulnerability assessment to review how the web application responds to various types of attack attempts.
To start, SWC tested for vulnerabilities published in the “OWASP Top 10.” The Open Web Application Security Project (OWASP) is a not-for-profit charitable organization focused on improving the security of software. The organization publishes the most common vulnerabilities found in web applications worldwide and provide this list as a public service to help all web developers and security professionals protect new and existing web applications. Beyond the OWASP top 10, SWC tested for thousands of known web application and website vulnerabilities. After compiling a master list, security experts compare the results with what type of service or information the web application is storing or providing.
Gaining Visibility and Moving Forward
The results of the vulnerability assessment were eye-opening. The logistics company previously had no visibility to the critical vulnerabilities and risks. SWC’s reports provided clear detail to fix the issues that were found.
The results of the vulnerability assessment made SWC and the logistics company start to question what other areas of their security program might be a high risk. For example, most details of their security and network architecture were still unknown.
With the foundation for a stronger security posture in place, strategic initiatives such as starting a routine vulnerability management program as well as implementing compensating controls and hardening have begun. The value of SWC’s security managed services were also discussed.
SWC’s security practice helps many customers in many industries identify and treat cybersecurity and compliance risk. This logistics company is one of many organizations on its way to minimizing risk with the help of SWC.