The customer of the project was Rocada Med, a company that has been advancing the Russian dental materials and equipment market since 1991, providing comprehensive solutions for the diagnosis, treatment, and prevention of dental diseases.
The customer is advancing the Russian market of dental materials and equipment by offering comprehensive solutions for the diagnosis, treatment, and prevention of dental diseases. The company has been in the market for 32 years and has a presence in 18 Russian cities.
As a commercial medical organization, the customer has amassed a substantial database over many years of operation. The storage of such confidential information necessitates continuous threat surveillance and security level evaluation in line with legislative requirements.
Due to the need for a security evaluation of corporate assets, the customer sought expertise from ICL Services.
Key Challenges
- Compile a vulnerability report and devise a plan to enhance security.
- Conduct a security analysis of IT infrastructure entities and identify potential attack vectors and vulnerabilities in corporate systems and resources.
Implemented our solution
The project was launched in April 2023.
The ICL Services team was made up of four information security analysts and a project manager. The task was to scrutinize and evaluate the security of applications and servers.
At the first stage, the team used specific scanners that can identify potential attack vectors and vulnerable systems for subsequent, more detailed security analysis and risk assessment. An initial list of threats was compiled as a result.
However, automated services are not capable of identifying all vulnerabilities. Therefore, ICL Services experts manually inspected the applications and servers: initially, they sought server access with user rights and then attempted to acquire privileged access rights on servers and web applications, aiming for privilege escalation within the systems.
This approach enabled the team to promptly identify a critical vulnerability, which was reported to ICL Services prior to the final report's completion.
In the report, ICL Services experts provided a concise summary for the customer, outlined the methodology used for the security analysis, and detailed the discovered vulnerabilities for the customer's technical experts to review. The team also explained the danger level of each vulnerability and offered recommendations for their removal.
ICL Services also conducted a follow-up analysis once the primary vulnerabilities had been rectified.
Products and technologies
- Well-known vulnerability scanners, traffic analysis tools, and other resources, including those developed during operation.
Tools are kept confidential for security purposes.
Results
- The security of IT infrastructure components was analyzed. Critical software vulnerability was detected in the early stages.
- The final report was compiled. A Q&A session with the customer regarding the completed work and report findings was held. A roadmap for enhancing IT infrastructure security in line with information security standards was provided.