
Industry: Finance
Goals:
• Achieve necessary budget to build a Security Operations Center (SOC)
Service: Penetration Test and Network Security & Architecture Review
Results:
• Proved firm’s weak security
• Gained budget to build SOC
The Challenge
The CISO knew he needed to make a change, so he made an official request for a budget increase in order to develop and fund a security operations center (SOC). However, without any tangible proof of the company’s current vulnerabilities, the CISO’s $50 million proposal was rejected outright by the executive leadership and board of directors. Not only was the CISO’s proposal rejected, but board members began to question his other budget allocation requests.
The CISO needed a way to prove the company’s vulnerabilities, or he didn’t stand a chance of acquiring the budget he needed.
The Solution
To confirm his concerns about the company’s cyber vulnerabilities, the CISO enlisted the help of GRA Quantum to complete a comprehensive evaluation of the company’s network security.
Our dedicated team of penetration testers and network security architects began their work by first identifying all access points and devices on the company’s network and mapping the various connections between them.
They then conducted multiple rounds of penetration tests against the client’s public, private, and perimeter networks. Knowing that employees can oftentimes be the greatest weakness to a company’s security, our team also performed electronic and telephonic social engineering attacks against a number of company employees.
As an important part of our process, our staff stayed in regular contact with the CISO, holding meetings to provide status updates, and alerting him to any gaping vulnerabilities posing an immediate threat as soon as they were discovered.
The Outcome
GRA Quantum was able to confirm the CISO’s concerns.
During the penetration testing, weak security configurations allowed GRA Quantum’s technicians to access hundreds of internal files, including previous transaction records and highly confidential plans for future acquisitions.
After presenting these results to the executive boardroom, the CISO was granted the funds he needed to acquire newer, more secure software and hardware for the company. The client retained GRA Quantum to act as a technology consultant and assist with the selection of future inventory as well as to help revise and strengthen the client’s overarching security policies.
With GRA Quantum’s help, the firm went forward with its technology acquisitions and tightened its security with a SOC manned around the clock – all at a fraction of the original $50 million estimate.