SecureState Blog


INDUSTRY:  Manufacturing

SERVICE:  INFOSEC Assessment with External Vulnerability Report


Engagement Background

A large Midwest manufacturer contacted SecureState to help identify vulnerabilities in their network security and to assess their security program as a whole.  Our Risk Management (RM) and Advisory teams were brought in to assess the existing security controls and make appropriate recommendations to mature the security program.  The Risk Management team performed an External Vulnerability Assessment, a focused and controlled vulnerability analysis of the external Internet presence.  The analysis consists of deploying multiple vulnerability scanning engines to identify potential security exposures within Internet-facing systems.  Additionally, our Advisory team executed an INFOSEC Assessment to gain insight into their Security Program as a whole, as well as to provide a better understanding of the root causes behind findings from the Vulnerability Assessment.


Why this Engagement was Different

The External Vulnerability Assessment revealed a number of significant vulnerabilities, including an extremely exploitable Telnet server accessible using default credentials.  The client didn’t seem particularly impressed or concerned.  They felt the Vulnerability Assessment didn’t take into account company priorities and the importance of the systems that were vulnerable.  Under normal conditions, a SecureState INFOSEC would help provide this important context.  However, the client also requested a significant narrowing of the INFOSEC scope, to focus on IT areas only.  Doing this saved them a little money, but significantly diminished the value of the assessment.


What the Consultants Had to Say

“I was already onsite.  It isn’t a big difference in time or expense to add the full assessment and allow me to talk to all the right people in the organization and provide them with full recommendations.”  This engagement really highlights how SecureState is different than most security companies.  We view information security as a whole and from a strategic level.  We can put it all together.  “It is very easy to put the right rules into your firewall.  It is harder to implement policy to make sure that someone is consistently inputting the right values, and checking them.”  A full SecureState INFOSEC Assessment can help your organization put all the pieces together and assist you in making the right security decisions every day.  “They really just wanted validation that what they were doing was fine.”