Telecommunications Company Case Study

Organisation

With 24,000 employees, this company is one of the largest providers of
telecommunications in their region, providing phone and internet services in a country
with a population of over 20 million people.

Challenge

Along with providing a range of services such as data transmission, internet, cloud
services and DDoS protection, the organisation also works with government agencies to
deliver digital connections between government agencies and local authorities across the
country.

Tasked with providing a digital backbone to support the state’s national elections, the
company needed to ensure their ageing network infrastructure had no previously
undetected breaches and was free from vulnerability.

Approach

The company wanted a higher degree of visibility regarding the security of their
infrastructure and details of any potential vulnerabilities. They decided to conduct a
Compromise Assessment to answer some critical questions:

  • Has the IT infrastructure been compromised?
  • Do cyber criminals have access to the network?
  • Are the current cyber security policies fit for purpose?
  • Are there any Potentially Unwanted Programmes (PUPs) being used on the network?

Process

The Compromise Assessment engine was able to process thousands of log files within a
matter of hours, highlighting previously unnoticed user behavioural anomalies,
unauthorised network services, unauthorised apps and network traffic.

Historically, this type of audit can take up to 12 weeks to process and produce this level of
information; however, the Artefact Collector module was able to gather hundreds of
gigabytes of log data from the organisation’s infrastructure within a matter of days.

The Compromise Assessment utilised the world-class security features of Microsoft Azure,
including its encryption algorithms and two-factor authentication, to process the data
collected.

Once all data was uploaded to the cloud, the company had full visibility of proceedings
via their secured private account, which allowed the customer to monitor each phase of
the process. Proprietary algorithms prepared the data for analysis and sent the results to
the analytics engine.

Once the machine learning process was completed and initial findings were made
available, an expert security data analyst validated the results and added any additional
relevant context.

The final version of the Audit was delivered in PDF format. The report shared all relevant
metrics highlighting the nature of the vulnerabilities found and how serious they were.

Compromise Assessment Results

  • 10+ instances of business-critical vulnerabilities were detected
  • 5 instances of imminent cyber threats were detected

A high volume of remote activity on the network (including unauthorised devices) made the
detection of these security violations difficult, but the Compromise Assessment was
successful in finding these threats.

Over 200 external Brute Force Attacks were identified and had to be further investigated
whilst the passwords for the related compromised accounts needed to be changed.

Outdated authentication software was making the network vulnerable to outside attack
and needed to be updated as a priority.

User Account Management violations relating to New User Accounts and Password
Changes were identified and needed to be addressed as a priority.

Conclusion

Following the Compromise Assessment, the company identified previously undetected
breaches and vulnerabilities.

Considering the outdated nature of the company’s existing cyber security controls, there
was a high probability that any future cyber-attacks would go undetected.

The company took on board the recommendations made within the report to update its
cyber security infrastructure and design a new cyber strategic plan to improve its
long-term cyber security posture.

 

STIC – Telecommunications Company Case Study