Advanced Cyber Security Services for an International Financial Institution

The Case

An international financial organization with close to 200 member states needed a modern, cost-effective, secure, and robust IT environment to ensure a fully unified, streamlined, and coherent process for threat and vulnerability management, penetration testing, and source code security reviews.

The Cyber Security Services

Threat & Vulnerability Mitigation

Our team consulted the client on identifying high-risk infrastructure components by assessing their vulnerabilities and taking the appropriate actions to control the level of risk to the operational environment. We were responsible for scanning and performing in-depth penetration testing on multiple applications related to compliance and relevant industry standards. The tests were conducted in line with Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE/SANS).

 

We used cyber-attack simulations to exploit security flaws and vulnerabilities, such as SQL injection, cross-site scripting (XSS), buffer overflows, open ports, unprotected directories, etc., in order to secure specific client applications. Our team provided remediation recommendations for discovered security threats and conducted immediate retests once vulnerabilities were fixed.

 

Source Code Security Review

ScaleFocus’ team performed a comprehensive Source Code Security Review in order to highlight potential security vulnerabilities within the client’s IT landscape. We identified miscellaneous code quality issues, e.g., insecure database access, inadequate data protection, insufficient audit records, and weak cryptographic algorithms.

 

As a result, enforcement of authentication and access control enabled a high level of security on a global scale across the organization, empowering secure 24 x 7 remote access for the staff regardless of their location worldwide.

Security Management Software: Rapid7, FireEye, Metasploit, Qualys

IT Infrastructure: Java, C#, ASP, C / C++, .NET, Visual Basic, Perl, Python, ColdFusion, Oracle, SQL Server, Objective-C, TCL, SharePoint

The Achievements

  • Complied with multiple IT regulations, laws, and standards
  • Established a consistent and repeatable process for threat and vulnerability management
  • Increased operational efficiency and ability to meet corporate security objectives even as the threat level continues to rise and IT budgets continue to be optimized
  • Enhanced cyber-defense capability
  • Real-time visibility of potential threats and the end-to-end vulnerability management process