Because of the new information security standards prescribed by the company’s head office in Austria, the Russian organization was to upgrade its existing information security tools and outsource some cybersecurity functions.
The customer explained what they wanted: a turnkey review of their infrastructure, identification and remediation of any vulnerabilities, and a system more resilient to external cyberattacks.
Key Challenges
- Examine the external security perimeter for potential vulnerabilities.
- Implement an Attack Surface Management class system.
- Audit, configure, and support Kaspersky antivirus protection and EDR system.
Infrastructure review
Prior to the project, the customer had no clear understanding of how resilient their infrastructure was to external threats or what attack vectors malicious actors could potentially use.
Additionally, the pre-existing Kaspersky antivirus system showed certain irregularities in its operation: no periodic scans, some protection components disabled, and policies were neither inherited nor scaled.
The first thing our team did was a black-box audit of the external security perimeter (with no access to the internal infrastructure, auditing only the externally reachable servers). The aim was to expose any weak points a malicious actor could exploit to attack the system. The audit findings were presented in a detailed report together with recommendations for protecting the infrastructure.
Vulnerability scanning
We used the Metascan cloud service to scan for vulnerabilities, as we considered it the best fit for external scanning. We collected all the addresses and services to be checked ahead of time and agreed on a scanning window that would not interfere with the company's operations or affect its stability. Additionally, ICL Services professionals connected the customer to their SOC (Security Operations Center).
Next, we implemented an Attack Surface Management system to manage all potential entry points a malicious actor might use to gain access to systems and corporate data.
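To illustrate the daily watch an Attack Surface Management system keeps over the perimeter, here is an added example that is not part of the original case study and not code from the ASM product used: a small Python diff between two perimeter inventories that flags entry points which appeared since the previous scan, hosts never seen before, and any new exposure on a port that should not be internet-facing. The inventory format (`host port/proto service`), the high-risk port list and the two sample scans are constructed for this example.

```python
"""Daily attack-surface diff: flag perimeter entry points that appeared since the last scan.

Added illustration for this case study; it is not the customer's ASM product or
ICL Services code. The inventory format ("host port/proto service") and the
sample scans below are constructed for the example.
"""
from dataclasses import dataclass

# Services that should not be reachable from the internet on a corporate perimeter.
# Assumption for this example; adjust to the organisation's own policy.
HIGH_RISK_PORTS = {21: "ftp", 23: "telnet", 135: "msrpc", 139: "netbios-ssn",
                   445: "microsoft-ds", 1433: "ms-sql", 3389: "rdp", 5900: "vnc"}


@dataclass(frozen=True)
class Exposure:
    host: str
    port: int
    proto: str
    service: str


def parse_inventory(text: str) -> set[Exposure]:
    """Parse one 'host port/proto service' record per line; '#' starts a comment."""
    exposures = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        host, port_proto, service = line.split(maxsplit=2)
        port, proto = port_proto.split("/", 1)
        exposures.add(Exposure(host, int(port), proto, service))
    return exposures


def report(baseline_text: str, current_text: str) -> dict:
    """Compare today's scan with yesterday's and return what an analyst should look at first."""
    baseline = parse_inventory(baseline_text)
    current = parse_inventory(current_text)
    new = current - baseline
    removed = baseline - current
    known_hosts = {e.host for e in baseline}
    return {
        "new": new,
        "removed": removed,
        # new exposures that also land on a high-risk port go to the top of the queue
        "high_risk": {e for e in new if e.port in HIGH_RISK_PORTS},
        # a host never seen before often means shadow IT or a misconfigured NAT rule
        "new_hosts": {e.host for e in new if e.host not in known_hosts},
    }


# Constructed sample scans (RFC 5737 documentation addresses, not real hosts).
BASELINE_SCAN = """\
# yesterday
203.0.113.10 443/tcp https
203.0.113.10 25/tcp smtp
203.0.113.20 443/tcp https
"""

CURRENT_SCAN = """\
# today
203.0.113.10 443/tcp https
203.0.113.10 25/tcp smtp
203.0.113.20 443/tcp https
203.0.113.20 3389/tcp ms-wbt-server   # RDP opened on an existing host
198.51.100.5 8080/tcp http-proxy      # host not present yesterday
"""

if __name__ == "__main__":
    result = report(BASELINE_SCAN, CURRENT_SCAN)
    for key in ("high_risk", "new_hosts", "new", "removed"):
        print(f"{key}: {sorted(map(str, result[key])) or '-'}")
```

Running it against the two constructed scans reports one high-risk change (RDP newly exposed on 203.0.113.20) and one previously unknown host (198.51.100.5); in a real pipeline the two inventories would come from successive external scans and the report would feed the SOC's ticket queue.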
Implementation of antivirus protection
The second part of the project involved auditing and customizing the Kaspersky Security Center installed on the customer’s premises.
First of all, our cybersecurity experts found a number of deviations from best practice: uncoordinated policies, obsolete tasks, devices scattered across administration groups, no backups of the Administration Server database (the SQL Server backup had not been set up), and others. Our team recorded these findings in a report and had the improvement plan reviewed and approved by the customer.
From then on, the work proceeded in several stages:
1. We optimized the system: enabled policy inheritance, set up regular tasks, and enabled email threat protection.
2. We implemented web controls covering the banned categories, and application controls based on manually created whitelists for each corporate unit.
3. We set up weekly reporting for application control and web control, and configured critical event notifications to be sent automatically to a mailbox.
4. We suggested deploying Kaspersky's KICS for Nodes and KICS for Networks to secure the production area.
5. We suggested a connection gateway for rarely used devices outside the corporate network.
6. Our experts suggested a solution for updating a software package that was running outdated versions, and received the go-ahead.
Products and technologies
- Kaspersky EDR
- Attack Surface Management
Results
- The customer now has a more secure infrastructure with significantly reduced exposure along the identified attack vectors. Kaspersky Security Center is running in line with best practices and effectively protecting the endpoints. The Attack Surface Management class system is in operation, monitoring the potentially vulnerable entry points daily. Additionally, the customer receives regular infrastructure reports written from a cybersecurity perspective.
- ICL Services professionals suggested a systematic vulnerability management approach that makes it clear which threats require priority focus, how to minimize risk, and how to keep the protection level consistently high in the long term.