Application and Penetration Testing

Client’s Challenge

Technology has augmented the accessibility and customer level provided by all corporations while at the same time changing the risk brought upon by reliance on such applications and systems. IDG, the largest technology media company in the world is no exception. Vulnerability and penetration testing helped uncover that systemic flaws needed to be addressed before making themselves present in the environment. Evaluating the structure of the environment under which applications and services were being deployed
became a priority for the company’s management.

The stated goals included:

• Evaluate the internal and external technology architectures as well as the business processes that supported such in order to ascertain their security capabilities as well as their feasibility to support the expected growth.
• Identify areas of excellent as well as areas candidates for specific improvements.
• Awareness of budgetary cycles.
• Identification of technology for redeployment or elimination.
• Create a plan of action that could be deployed by the internal teams.

TBG Security Solution

TBG called upon its consultants many years of application and infrastructure exposure in order to proven application penetration assessment methods met the challenge head on. We first tested for known issues as best practices dictate. We then delved into the underlying technologies that were discovered during the initial phase.

A dynamic and adaptable approach tailored to the client’s environment and needs yielded the following
recommendations:

• Splitting the internal trusted zones in order to compartmentalize the systems covered by particular regulations.
• Creation of tunnels to control exposure and control potentially harmful traffic flows.
• Implementation of log aggregation and management technologies and incorporation of controls to protect the integrity of such.
• Increasing the number of detective controls while at the same time minimizing the monitoring points across the corporation.
• Overlaying of controls in order to compensate the shortcomings of each in order to minimize capital and operational expenses.
• Business processes such as the Application Development Lifecycle need to be uniformly implemented.
• Identification of all direct and compensatory controls for all off the identified assets.

Impact on client’s business

TBG’s methodology for Security Architecture Review allowed for the customization of a discovery process that better identified the gaps and strengths of this particular environment. The robustness of the environment was significantly increased by the implantation of the technological and business processes changes suggested by TBG’s consultants. By leveraging the already-existing assets, cost was contained, the controls’ effectiveness was maximized and the assets ended up with superior protective profiles at the end of the day.

DOWNLOAD CASE STUDY