A medium sized mass media and telecommunications company engaged Cyber Security Team to perform vulnerability tests across the various technological security domains including the externally facing networks, internal networks, wireless networks and physical environment.

What we did

The scope of the vulnerability assessment included various technology security domains as following:

• – Email Phishing Campaign
• – Goal-based External and Internal Network Penetration Test & Attack Tree Analysis
• – Wireless Penetration Test
• – Goal-based Web Application Penetration Test
• – Goal-based Physical Security Penetration Test

Outcome

This engagement helped the business to to identify relevant vulnerabilities by performing a network security and vulnerability assessment. This includes:

1. Gaining an understanding of the potential weaknesses exposed to the Internet (e.g. resources accessible from the Internet) both at a wired/wireless network and application level;
2. Conducting a sample based review of specific systems to determine whether they contain security weaknesses;
3. Assessing the effectiveness of the security controls and awareness of the office locations in different provinces; and
4. Documenting and bringing to management’s attention of the potential weaknesses observed.

Please contact us to discuss your Cybersecurity needs:

The post THREAT AND VULNERABILITY ASSESSMENT appeared first on Vayucast.

A medium sized insurance company was concerned with password theft of privileged accounts due to malware and installation of key-loggers. There was a needed to implement multi-factor authentication for privileged accounts and also track usage of sensitive credentials. The existing IAM environment was not matured enough to handle additional requirements and increased volume.

What we did

• – Completed PAM assessment, strategy and two year implementation roadmap.
• – Developed requirements, architectural design and project plan
• – Integrated the PAM solution with enterprise IAM solution, LDAP, SIEM / SOC monitoring tool.

Outcome

• – Well defined and repeatable privileged account management processes and tools were implemented.
• – Implementation of centralized account repository facilitated scalable future application integrations.
• – Enterprise privileged accounts were fully secured, monitored and controlled.
• – Multi-factor authentication protected against malware.
• – Improved control structure and regulatory compliance by centralizing User’s access to sensitive resources across the enterprise.

Please contact us to discuss your Cybersecurity needs:

The post PRIVILEGED ACCESS MANAGEMENT appeared first on Vayucast.

Transit provider was seeking to bring greater efficiency to managing the existing manual and complex system access validation processes. There was also a need to reduce the manager time and expenses inherent in reviewing more than 500,000 entitlements and access rights.

What we did

• Reviewed and assessed the current IAM environment with respect to future business requirements.
• Established target state operating model for transit provider to scale its services
• Laid out 5 year roadmap for accomplishing growth vision.

Outcome

• IAM strategy was developed in support of the transit authority’s future growth plans.
• Existing processes were analyzed in order to identity bottlenecks in the account lifecycle which lead to creation and modification of 70+ provisioning workflows.
• User onboarding/offboarding cycle time was significantly improved.
• Transit authority is reviewing prioritized list of target systems and existing IAM infrastructure as result of he IAM strategy.

Please contact us to discuss your Cybersecurity needs:

The post ENTERPRISE IAM STRATEGY appeared first on Vayucast.

Canadian Telecom carrier was seeking to answer how to provide key services to meet the growing digital identity needs of consumers, and the private and public sectors. An encompassing Cosnumer IAM strategy was needed to formulate product offerings demanded by growth in Digital Identity space.

What we did

• – Review of relevant trends
• – Evaluation of the tools required to stand up a Digital Identity platform
• – Competitive analysis on different technologies, models and approaches to Digital Identity .
• – Development of detailed use cases for Digital Identity platform.

Outcome

Through the work performed to date, there have been a number of positive outcomes:

• – Clear definition of the Digital Identity product strategy.
• – Clear strategy on Telecom’s involvement in Digital Identity sector for broad participation across the full ecosystem.
• – Deep understanding of the competitive landscape and the different models to enable Digital Identity platform.
• – Executive support to proceed with the vision.

The post DIGITAL IDENTITY STRATEGY appeared first on Vayucast.

A local hydro and utilities company wanted to facilitate user access recertification for various departments in order to meet internal governance and NERC CIP compliance requirements. Existing manual provisioning process was very cumbersome and lacked the required auditing capabilities.

What we did

• – Built the full IGA server infrastructure for Dev, Test and Production
• – Enabled new processes surrounding NERC CIP role request and termination.
• – Provisioning raccess to NERC resources automatically based on request approvals.

Outcome

• – Resulting new process flows in the IAM solution led to a better posture for maintaining NERC CIP compliance.
• – The solution was extended to form a role repository and perform role-based certifications.
• – The solution facilitated detection of segregation of duty violations which were addressed as part of regular audit cycles.
• – User access request and certification process was automated, leading to significant cost savings and shifting focus of capital expenditure budgests to value-add projects.

Please contact us to discuss your Cybersecurity needs:

The post IDENTITY AND ACCESS GOVERNANCE appeared first on Vayucast.