Helping a CISO overhaul his company’s cybersecurity structure

The Chief Information Security Officer (CISO) of an alternative asset management firm was left to reevaluate the company’s security posture after a significant layoff. He knew that the number of disgruntled former employees with insider knowledge posed a great threat to the company; it was more vulnerable than ever.

Industry:

Finance

Goals:

• Achieve necessary budget to build a Security Operations Center (SOC)

Service:

Penetration Test and Network Security & Architecture Review

Results:

• Proved firm’s weak security
• Gained budget to build SOC

The Challenge

The CISO knew he needed to make a change, so he made an official request for a budget increase in order to develop and fund a security operations center (SOC). However, without any tangible proof of the company’s current vulnerabilities, the CISO’s $50 million proposal was rejected outright by the executive leadership and board of directors. Not only was the CISO’s proposal rejected, but board members began to question his other budget allocation requests.

The CISO needed a way to prove the company’s vulnerabilities, or he didn’t stand a chance of acquiring the budget he needed.

 

The Solution

To confirm his concerns about the company’s cyber vulnerabilities, the CISO enlisted the help of GRA Quantum to complete a comprehensive evaluation of the company’s network security.

Our dedicated team of penetration testers and network security architects began their work by first identifying all access points and devices on the company’s network and mapping the various connections between them.

They then conducted multiple rounds of penetration tests against the client’s public, private, and perimeter networks. Knowing that employees can oftentimes be the greatest weakness in a company’s security, our team also performed electronic and telephonic social engineering attacks against a number of company employees.

As an important part of our process, our staff stayed in regular contact with the CISO, holding meetings to provide status updates, and alerting him to any gaping vulnerabilities posing an immediate threat as soon as they were discovered.


The Outcome

GRA Quantum was able to confirm the CISO’s concerns.

During the penetration testing, weak security configurations allowed GRA Quantum’s technicians to access hundreds of internal files, including previous transaction records and highly confidential plans for future acquisitions.

After presenting these results to the executive boardroom, the CISO was granted the funds he needed to acquire newer, more secure software and hardware for the company. The client retained GRA Quantum to act as a technology consultant and assist with the selection of future inventory as well as to help revise and strengthen the client’s overarching security policies.

With GRA Quantum’s help, the firm went forward with its technology acquisitions and tightened its security with a SOC manned around the clock, all at a fraction of the original $50 million estimate.
