Problem:
A medium-sized financial services company sought assurance regarding the security measures taken by their third-party IT Managed Service Provider (MSP). This was prompted by a previous compromise of their machine builds and remote desktop environment by attackers. The client aimed to validate the hardening of their systems, review firewall and group policy settings for remote desktop environments, and assess machine build security controls.
Response:
To complete a thorough review, Toro delivered the following:
- Reviewed machine hardening process and procedure.
- Reviewed and tested local firewall and group policy applied to remote desktop environment.
- Reviewed and tested machine build security controls applied by Microsoft Intune.
- Baselined all machine hardening controls against the CIS Critical Security Controls benchmark.
Outcome:
During the assessment, Toro identified two significant issues:
- Several security controls were found to be misconfigured, leaving potential vulnerabilities open for exploitation.
- The existing monitoring, event management, and alerting mechanisms were inadequate, making it challenging to detect and respond to security incidents effectively.
To address the identified issues, Toro took the following steps:
- Work packages were prepared to implement remediations for misconfigured controls and to enhance monitoring, event management, and alerting capabilities.
- Endpoint security solutions, including Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), were deployed to secure all devices. These solutions enabled continuous monitoring, alerting, and event management functions.
- Group policies were utilized to ensure the correct configuration of relevant devices, including the application of vulnerability fixes and security updates.
The organisation's proactive approach to assessing and enhancing their security controls and monitoring capabilities enabled them to address past security incidents and significantly reduce the risk of future compromises.