Developing a proactive approach to cyber security threats

About the client

One of our clients is a large internet service provider in South Africa and a major player in the local fibre industry. Having acquired and combined multiple smaller ISPs, the company now connects many thousands of home and business users to the internet across more than 400 towns and cities.

As our client’s environment grew, they encountered security incidents including a data compromise in their mail environment and a suspected network intrusion. These incidents made them more mindful of their security needs.

Their Need

The client’s exceptionally broad network makes security imperative; beyond their internal network are 100,000 people's environments at risk that they have a duty to protect. Cyberlogic investigated instances of email hacking, network intrusion and malware attacks and found that the client urgently needed a thorough view of their cyber security posture: the organisation’s level of readiness to deal with information security or cyber security risk. They also needed to understand their vulnerabilities and implement a strong security strategy to protect their networks going forward.

Cyberlogic Solution

Cyberlogic first investigated the data compromise in their mail environment through a Microsoft365 Assessment. This consisted of: 

• Mapping the data flow and data access points based on the potential compromise
• Reporting the findings in understandable language including recommendations
• Doing a top to bottom security configuration assessment on their Microsoft365 tenant
• Providing recommendations to remediate configuration gaps
• Working with the client to understand implications of the remediation actions
• Reducing the risk on configuration that allowed legacy integration

In parallel the suspected network intrusion was investigated, and the following steps were taken: 

• Analysing logs and tracing activity across the environment
• Reporting findings in understandable language including providing recommendations
• Running a vulnerability assessment exercise to identify vulnerabilities
• Reporting and prioritising vulnerabilities in the environment with recommendations for remediation
• Working with the client to analyse the potential impact of the remediation activities
• Assisting in the effort of patching and remediating vulnerabilities and securing devices with legacy dependencies

Once we had uncovered their vulnerabilities and remediated these issues, we extended the service to support the client’s strategy by introducing a Cyclical Vulnerability Management Program which consisted of: 

• Scanning and reporting vulnerabilities
• Recommending remediation initiatives with their IT teams
• Assisting with remediation escalations
• Reporting on closed vulnerabilities
• Periodic penetration tests conducted by the Cyberforensics unit of Cyberlogic

Resolution

Our work with the client vastly improved their security posture. With our support, they now have peace of mind that their security is constantly monitored and prioritised with governance and regulatory compliance in mind. The company now has a full view of their environment, a clear cyber security strategy and a team to help them execute this strategy, keeping them ahead of emerging security threats. Our involvement guarantees the client has continuity of service and access to the skills needed to keep providing this level of security.

Conclusion

It can be difficult for companies to find the right cyber security skills. Even with internal security teams, it isn’t easy to acquire enough in-house capacity and experience to cover all bases. At Cyberlogic, we have a dedicated team of experts who can oversee all aspects of security, using both offensive and defensive strategies.

For More information try our ebook