
Case Studies

Collateral Targets

SecureState approaches defensive efforts using a Defense-in-Depth Kill Chain, a model that focuses on understanding how attackers achieve their objectives. Using this perspective, SecureState helps organizations build their defenses in layers, providing multiple methods for stopping incidents as they occur. This being said, there are certain categories of attack that utilize collateral targets in order to commit fraud against a larger entity.

» Download Case Study


Network Segmentation

Recently, a public utility company hired SecureState to assess their internal and external network security. While SecureState participates in many similar assessments, this particular engagement expanded well beyond its intended scope, highlighting several important issues for our client.

» Download Case Study

Cyber Liability Insurance Assessment

Organizations seeking to transfer risk by leveraging cyber liability policies face the challenge of not only finding the right carrier to work with, but also ensuring that coverage is adequately and appropriately bound. Insurance carriers are traditionally very good at minimizing their own exposure when binding a policy, and because cyber liability insurance (CLI) policies are still a relatively new concept, the odds are stacked in the insurer's favor.

» Download Case Study

Blind Incident Response Testing

A grocery store chain contracted SecureState to perform Internal and External Penetration Tests coupled with an Incident Response Test that would run concurrently. In addition, the client wanted to see how their existing IT/security staff would actually respond to a real attack, and requested that SecureState conduct a Blind Incident Response Test.

» Download Case Study

Incident Response Testing

A retail company contracted SecureState to perform an Internal Penetration Assessment coupled with a concurrently run Incident Response Test. This synergy of assessments is an ideal way to group services that are often never thought of as being related. Penetration testing simulates an actual attacker attempting to gain unauthorized access to a company's resources, while Incident Response testing evaluates how the organization responds to real world incidents.

» Download Case Study

FISMA Compliance in the Commercial Sector

A client was required to meet an additional baseline requirement without the ability to expand staffing to support the business driver. See how the organization turned to SecureState's Federal practice to help solve their compliance issues.

» Download Case Study

Back to School Online Safety Guide

Like many parents, we’ve sent our kids back to school and we discuss among ourselves how quickly kids grow up. What some parents don’t realize is that their kids, especially those in middle school and high school, will be receiving passwords or having to create their own passwords for various sites or services they will need throughout the school year. Having a fifth grader myself, I knew that this day would come and that I’d have to address the technology issue.

» Download Guide

Assisting VARs in Securing Their Clients in the Cloud

A Value Added Reseller (VAR) of cloud services recently engaged SecureState to assist them with a client project. This VAR was approached by a retailer who wanted to move many of their internal IT services, such as email, file shares and the company's internal website to the cloud. The VAR was helping the retailer determine which cloud service provider would best fit their need and would later help with the migration to the cloud.

» Download Case Study

Celebrity Hacking 101

SecureState wanted to determine how easy it would be to "hack" into a celebrity's various online accounts in order to impersonate, gather personal information or ruin their reputation. So we teamed up with Erik Stolhanske of "Super Troopers" fame, and with his permission, our consultants successfully demonstrated compromising not one, but several of his online services.

» Download Case Study

PFI: From Credit Card Compromise to Pristine PCI Compliance

A restaurant contacted SecureState regarding a notification they had received from their merchant bank. The bank informed them that they were the likely source of a credit card data compromise. Using transactions reported as fraudulent, the bank was able to correlate the offending charges to a common merchant: our client.

» Download Case Study

PCI Risk and Enterprise Alignment

SecureState's identification and remediation of a previously unrecognized corporate risk reinforced our role as a trusted advisor and allowed the client to gain increased funding, resources, and support for the Security Program from the executive team, substantially increasing the new Security Officer's ability to succeed in his new role.

» Download Case Study

PCI Risk Assessment

Performing a risk assessment to the new guidelines is one additional step to help organizations identify and manage their risks and avoid the negative consequences of a breach or noncompliance. In SecureState's preliminary analysis of existing clients, 97% of those who have a compliant risk assessment would not be compliant under the guidance.

» Download Case Study

PCI Compliance in Healthcare

A major hospital network came to SecureState with a major problem. They had been approached by one of their merchant banks about Payment Card Industry (PCI) Data Security Standard (DSS) compliance. As they prepared information to fill out the required Self-Assessment Questionnaire (SAQ), they quickly realized they were in over their heads.

» Download Case Study

SmartGrid Security Strategy

Learn how SecureState recently supported a large Utilities provider as they upgraded to a SmartGrid, including Automated Metering Infrastructure (AMI). See how SecureState assisted with their SmartGrid Security Strategy.

» Download Case Study

Vendor Response

A small company recently approached SecureState with a problem. An increasing number of their customers had begun sending security questionnaires demanding to know what the company was doing around security. The questions being asked had become confusing and were difficult for the company to answer. Even worse, potential clients were starting to require they answer questionnaires before determining whether they would do business with them.

» Download Case Study

Privacy Self Assessment Leaves Gaps

Many organizations perform self assessments of their privacy programs, but looking at one's own program may result in overlooking noticeable gaps.

» Download Case Study

PCI Compliance

At SecureState, we've developed our approach to align our recommendations with business needs in an effort to generate the highest Return on Security Investment.

» Download Case Study

Compliant vs. Secure

Compliance has received a lot of focus and fire by technical and management professionals. In the federal sector, FISMA was originally viewed as a major step forward for security when implemented in 2002. Shortly after implementation, it was viewed as a paper exercise and only fell into implementation by forced compliance. It is important for organizations and assessors to recognize compliance as a directional sign toward a secure implementation. It does not provide the exact path, but is more like a sign pointing the right direction in the middle of the woods.

» Download Case Study

PCI Guidelines

As a participant in the SIG, SecureState is well positioned to assist clients in maintaining compliance with the least impact. In SecureState's preliminary analysis of existing clients, 97% of those who have a compliant risk assessment would not be compliant under the guidance.

» Download Case Study

Phishing

More and more, companies are starting to enact various forms of employee security awareness training. They are starting to recognize the value in attempting to secure their people as well as their networks. One company who recently came to SecureState had been pouring significant budget into their training program. However, the Director of Security who administered the programs had started to be challenged by upper management to justify the amount of money being spent.

» Download Case Study

iRisk

Aligning your security program with security risk management shouldn't be overwhelming. The iRisk Case Study will show you how to align your security efforts with your overall strategy to manage security risk.

» Download Case Study

Data Discovery

The Director of Operations for a large university was instructed by executive management to investigate whether PCI or PII data was currently being stored or transmitted on externally-facing systems. Although the client fully expected minimal findings, they wanted a third party to validate their recent scan results and ensure the data controls which had been rigorously implemented inside the university's enterprise were also extended to their external systems. The client's presumption of security around sensitive data was based primarily on adherence to standards, Minimum Security Baselines (MSBs), and corporate security policies, all of which properly addressed risks and countermeasures for sensitive data and were being followed by the university. Therefore, the university anticipated the third party would validate recent data discovery scans and conclude that externally-facing systems posed little risk to sensitive data.

» Download Case Study

Moving IT to the Cloud

The Director of IT for a large-scale retailer was instructed by executive management to investigate moving as many IT services as possible to the Cloud. Management was enticed by the promise of agility and lower resource costs from moving infrastructure, applications, and data to third-party Cloud service providers. However, the Director of IT had concerns about security and was unsure how to transition. He wanted to first fully understand the security implications of the decision.

» Download Case Study

Firewall Ruleset Review Looks at Segmentation between Networks in Supermarket Chain

This case study about a supermarket store chain demonstrates the importance of segmentation and of using a Firewall Ruleset Review to verify that segmentation. Specifically, SecureState helped the store chain assess how well its wireless-enabled embedded devices were segmented from its corporate network.

» Download Case Study

Forensic Expertise Reveals Storage of Track Data

This is a case study about a software company that develops payment applications that must meet a specific set of requirements outlined in the Payment Application Data Security Standard (PA-DSS). The client challenge involves determining what type of expertise the PA-QSA that performs the assessment possesses.

» Download Case Study

Corporate Resiliency Begins with Planning and Preparation

This case study about a large financial institution demonstrates the proper way to set up policies and procedures pertaining to disposing of sensitive information in a secure fashion. SecureState was brought in to determine where the weaknesses are, and how they need to be corrected in order to meet the proper standards.

» Download Case Study

External PenTesting and Corporate Resiliency

This is a case study of three companies that had External Penetration Assessments performed. This document will detail how SecureState broke into the organizations and what recommendations SecureState provided to the clients - including the often understated necessity and importance of having a corporate resiliency program in place.

» Download Case Study

Beyond the Privacy Policy

A multinational company that is not currently EU-US Safe Harbor certified elected to undergo a Privacy Gap Assessment to determine both current compliance with Safe Harbor and the next steps in achieving a more secure environment.

» Download Case Study

Lack of Preparation leads to Malware Infestation

This is a case study of a polymer company that was severely deficient in minimum security baselines and incident response preparation; these deficiencies led to a malware infestation that proved difficult to remove.

» Download Case Study

Lack of Incident Response-Event Correlation

This is a case study of an energy company. SecureState was brought in to perform multiple assessments but quickly discovered that the biggest flaw was the lack of incident response and event correlation.

» Download Case Study

Internal Penetration Assessment Discovers PCI Application Flaws

In this study, a university was receiving a Return on Compliance (RoC) and needed an internal penetration assessment performed to verify compliance. SecureState determined a flaw in a third party vendor that led to unencrypted sensitive information.

» Download Case Study

Incident Response reveals previous intrusion

This is a case study of a vet clinic that noticed a breach after coming in on a Monday and finding multiple critical software packages and programs deleted. SecureState was brought in to determine the scope of the breach, how it occurred, and when it occurred.

» Download Case Study

HIPAA: Ripping Off the Bandage

This is a case study of a large regional hospital that wanted to understand their HIPAA security gaps and obtain technical validation of the deficiencies in their security management program.

» Download Case Study

Physical Penetration Test: It Was A Cold Dark Night

SecureState was successful in breaching the client's property and building during a physical penetration test. The company was at extreme risk when it came to loss of confidentiality, integrity, and availability of systems and information.

» Download Case Study

PCI Gap Analysis Reveals Poor Contract Management

In January 2010, the merchant bank for a very large realty firm requested that the organization show compliance with the PCI standard by September 30, 2010. Never having had to be PCI compliant before, the Level 2 realty corporation contracted SecureState to perform a PCI Gap Analysis to help them identify gaps and become PCI compliant.

» Download Case Study

Restaurant Chain-PCI Gap Analysis, Remediation and Forensics Investigation

In September of 2007, the Secret Service showed up at the door of a restaurant chain and reported to them that a number of their customers were reporting the same types of fraudulent charges on their credit cards.

» Download Case Study

Virtual Website Hosting Internal and Wireless Penetration Test

After decades of continuous growth and profit, the company contracted SecureState to review the external security around the websites of new acquisitions.

» Download Case Study

Grocery Store Internal and Wireless Penetration Test

After the Hannaford grocery chain suffered a breach, the management at another large grocery chain approached their security department and posed the question "Could it happen here?"

» Download Case Study

Financial Organization 3rd Party Software Case Study

SecureState performed an external attack and penetration for a top United States bank. This assessment simulated an attacker attempting to gain access to the bank's resources across the Internet.

» Download Case Study

Casino Case Study

Never having tested the logical (IT) security of their organization, a Casino contracted SecureState to perform internal and wireless penetration tests.

» Download Case Study

Breaking The Bank

This paper is a case study of a Midwestern bank that requested to have its physical security assessed via penetration testing including secondary information gathering and testing the resulting vulnerabilities found.

» Download Case Study