Compromise Assessment – ERP Software Company
This organisation is a well-established software development company providing bespoke ERP solutions.
Employing 350+ IT professionals, their clients include high profile manufacturing companies who typically operate wide-area critical infrastructure.
As IT operations are business-critical to both the ERP provider and their client base, a high standard of cyber security is maintained to ensure digital assets are protected at all times.
Because the ERP provider is part of their client’s 3rd Party Supply Chain, it’s also important that they do not expose other members of the supply chain to unnecessary threats or vulnerabilities as this would lead to not only financial costs but also reputational damage within their market sector.
Many of the ERP providers’ clients supply products and services to utility companies operating in densely populated areas. Cyber-attacks against the military, Oil & Gas and Energy sectors can cause widespread disruption and potential environmental disaster and so each software update released needs to be delivered securely without the risk of harm to their client’s network.
While preparing to deliver one such software update, the ERP provider felt it prudent to have a Compromise Assessment carried out on their network before releasing their new software update to clients. The software development team in conjunction with their IT Security team wanted peace of mind regarding their environment and to ensure they minimised any possibility of causing harm to their client’s infrastructure.
A Compromise Assessment would assess their cyber posture as well as identify any potentially dangerous malware that could infect their clients’ network. The ERP provider needed to understand if they had any vulnerabilities within their organisation.
One of the main priorities for the ERP provider was to identify any previously undetected breaches on their network and so they chose to undertake a Compromise Assessment. As this solution gathers and analyses historical data that is already available, (does not involve deploying people or devices to monitor the network) it satisfied the ERP provider’s parameters for the project.
As the ERP provider has a relatively small infrastructure but possesses a high level of IT automation, all Windows Log Files were gathered within 2 days and uploaded to the cloud.