Summary
Overview
Reversec was engaged to assess the overall security posture of the client’s warehouses in Southeast Asia across five facilities.
We combined technical assessments with reviews of documentation, policies, and procedures to understand both the technical and operational elements of existing security controls and practices. We also met with key stakeholders to form a better picture of the client’s security policies and procedures.
Company
Goods retailer
Industry
Retail
Solution
We found several good practices:
- Security policies and procedures were documented in detail.
- User workstations at one facility were hardened and patched regularly.
- Endpoint detection solutions were in place and able to detect basic threats, and several security controls had been implemented to harden the SMB protocol.
We also identified security gaps and risks:
- Several servers were running vulnerable legacy services, which could allow an unauthenticated attacker to access affected systems and potentially access or tamper with sensitive data such as names, credentials, and inventory listings.
- We observed minimal network segregation between subnets across sites and between different global organizational environments. This increased the available attack surface from a network security standpoint and could allow ransomware, such as WannaCry, to cause greater impact.
- None of the sites had network access controls in place, so an attacker with physical access to a warehouse could compromise the wider network and potentially access sensitive information, including client data.
- Patching policies were inconsistent. Two sites were not patching Unix servers, increasing the risk of unauthorized changes to inventory lists.
- We also found weaknesses in corporate user access management through Active Directory. Three service accounts were members of the Domain Administrator (DA) group, and the DA group had 54 members in total. This significantly expanded the attack surface of the domain and shortened the path for an attacker to gain control of a high-privilege account.
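An added audit check, not part of the Reversec engagement or the client's tooling, that enumerates Domain Admins membership the way the last finding above would be verified and flags service accounts and stale accounts for review; the `svc` naming prefix and the 10-member review threshold are assumptions.

```powershell
# Added example: audit Domain Admins membership (not from the engagement).
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumptions (not from the page): service accounts use an "svc" prefix, and
# more than 10 direct or nested members is worth a membership review.
$ServicePrefix      = 'svc'
$MaxExpectedMembers = 10

# Resolve nested membership so accounts granted DA via sub-groups are not missed.
$members = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties Enabled, PasswordLastSet, LastLogonDate

$serviceAccounts = $members | Where-Object { $_.SamAccountName -like "$ServicePrefix*" }

# Summary the way it would appear in a findings table.
[PSCustomObject]@{
    TotalDAMembers  = $members.Count
    ServiceAccounts = ($serviceAccounts.SamAccountName -join ', ')
    OverThreshold   = ($members.Count -gt $MaxExpectedMembers)
}

# Per-account detail: disabled or long-unused accounts still holding DA are the
# first candidates for removal.
$members |
    Select-Object SamAccountName, Enabled, PasswordLastSet, LastLogonDate |
    Sort-Object LastLogonDate |
    Format-Table -AutoSize
```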
Outcome
To address the risks and gaps, we recommended the following measures:
- Improving network segregation and restricting access between workstations and peripheral systems.
- Establishing processes that enable administrators to manage and patch systems regularly and consistently.
- Configuring hardened golden images aligned with industry best practices, and defining policies and processes that ensure consistent deployment for all new machines.
- Developing and training a first-response capability and equipping relevant teams with the tools and processes needed to triage incidents effectively.
Used services
Advisory Consulting
Strengthen your organization’s cybersecurity posture from the ground up. We provide you with actionable research intelligence to establish strategic priorities and understand the impact of cyber risks.
Security Assurance Testing
Optimize the security testing and development of your assets according to your business goals, risk profile, and the real-world threats targeting your organization.