Security Testing Case Study

Business situation

The investment firm in the case, provides personal portfolio management consultancy whereby indidual customers invest in stock market via the firm. Each customer gets his own online account and can view latest account status.

Investment firm suspected that one of their servers got hacked and data was stolen. They required someone to perform analysis, forensics, and perform network penetration tests. Valency Networks was approached to perform tests and provide technology design consultancy to achieve better cyber security practices.

Solution

• Valency Networks initiated discussion with investment firm’s management to understand the impact.
• After checking logs and performing scanning tests and technical reconnaissance, it was found that the hacking had indeed happened. Valency Networks suggested quick and tactical methods to be performed immediately, to prevent further such attacks.
• After performing detailed log analysis at various IT stages, hacking evidence was created and
  presented to the firm’s IT management for further action.
• Brute force tools were selected to perform detailed penetration testing on the firm’s network from
  externally as well as internally. Similar tests were performed on the infrastructure at other offices.
• External black hat network penetration test was performed on the centralized customer account
  management system, which revealed multiple vulnerabilities.
• A customized database vulnerability penetration test was performed to address lacunas in the portal’s design and architecture.
• A report with all severity 1, 2, 3 vulnerabilities and the corresponding suggestions to fix, was created.
• Firm’s security policy was re-designed by Valency Networks which comprised of security products,software solutions and strict policies.
• Firm’s management was suggested to perform periodic penetration tests to ensure timely security of their customer facing portal infrastructure.
• After concluding the test and signing the reports, Valency Networks acted as security consultants to the firm to redesign patch management system, ISMS policies and overall network infrastructure.

Benefits

• Investment firm could induce confidence in their internal staff that they were secure, and could
  percolate this confidence further into their offices and business partners.
• IT firm’s management could add more functionalities on their customer facing portal, which was not possible earlier, due to challenged security.
• Further strengthening of security and incorporating strict policies helped investment firm to gain more customers by aggressive and truthful marketing of their online facilities.