ICL Services

A large Russian B2B bank

The project's customer was a large Russian B2B bank providing services in the leasing sector.

As per the Central Bank's standards, the bank was required to regularly report on its infrastructure security level and the measures taken to protect confidential information, which is why it decided to hold a tender for pen test services in the latter half of 2023.

Under the tender terms, the customer asked the bidders to carry out a series of penetration tests from outside and inside the corporate network, analyze the security of the bank's web and mobile applications, and then prepare a report on the work's results, containing detailed information on the threats and vulnerabilities identified and compliant with the risk assessment criteria developed by the bank.

ICL Services completed the task better than all other bidders, and was subsequently assigned the project.

Key Challenges

  • Carry out a series of pen tests from both outside and inside the bank's corporate perimeter
  • Rank the vulnerabilities identified by risk level and provide recommendations for enhancing the corporate IT resource security
  • Deliver a final report in line with the customer's standards

Solution

Implemented our solution

  1. The team started work in November 2023. The project deadlines were very tight - the customer needed ICL Services to complete the main series of tests by mid-December.

    The customer emphasized three pentest aspects:

    —  firstly, the boundaries for penetration testing had to be strictly coordinated with the security service,
    —  secondly, there was a strictly defined procedure for which tests we were supposed to carry out and which devices our experts were supposed to use,
    —  thirdly, the risk assessment of the vulnerabilities identified and recommendations for fixing them had to be consolidated into a report in accordance with the customer's internal standards.

    For example, protecting bank secrecy and confidential payment information was considered a top priority for fixing vulnerabilities - relevant issues were to be given the highest level of urgency and needed to be addressed with security measures immediately.

    This, however, was not an obstacle for our team. ICL Services employees worked constructively together with the customer's company experts to streamline report formatting. It was also crucial to complete the main tasks before the winter holidays, when it would be more challenging to work full-time.

    After agreeing on project deadlines, the experts initiated two parallel processes: they simulated an external attack on the bank's perimeter and visited the customer's office for pentests within the corporate environment.

    From mid-November through late December 2023, the team investigated and scanned for vulnerabilities, including — at the customer's request — those that would allow for system privilege escalation or compromise the systems. Additionally, we identified potential attack vectors and tested the terminal infrastructure. In total, the pen tests covered about 200 internal endpoints (including servers and network devices) and about 50 external nodes.

    From mid-December, after systematizing all the threats and vulnerabilities that we had discovered, identifying potential attack vectors, and developing recommendations to enhance corporate infrastructure security, our team began working on the final report, completing it on time.

    We classified risks according to the customer's criteria, which helped us set priorities for our proposals regarding system protection and corporate resource security enhancement - the proposed measures were categorized into immediate, medium-term, and long-term (strategic).

Products and technologies

  • nmap
  • Nessus / Greenbone
  • Metasploit framework
  • Mimikatz
  • Other well-known vulnerability scanners, traffic analysis tools and other tools were also used during the work, including ones created in the course of the project. The full list is not disclosed for security reasons.

Results

  • More than 250 external and internal endpoints were tested, including simulated attacks from outside the customer's infrastructure.
  • Once identified, the vulnerabilities were categorized by risk level: high (17.8%), above average (3.5%), average (21.4%), below average (35.7%), and low (21.4%), as per the customer's criteria.
  • The final report was developed in accordance with the bank’s internal standards.
  • For each group of vulnerabilities, we gave recommendations on how to improve the IT and corporate resource security level.

Diana Solovieva
Expert on implementing and supporting information security solutions
