Security testing during an organisational transformation
Case Study
About Our Client – a global communications infrastructure provider
Overview
Our client is a global communications infrastructure provider. They partner with a range of clients such as telecommunications and government organisations. In Australia, their focus is on shared networks and wireless solutions, providing engineering, design, delivery and project management to telecommunications and radiocommunications operators.
The Challenge
Our client recently underwent a large organisational transformation, requiring parts of their international business units to be separated. This created a high degree of complexity for their Information Technology teams, who needed to conduct a careful separation of the infrastructure while minimising disruption to current and future operations. Understanding the potential for additional cyber risk arising as a result of the restructure was critical.
As a critical infrastructure provider, security and resilience are paramount. To assure and maintain the security posture of their business, our client needed to undertake a range of vulnerability scanning and penetration tests across their critical assets. This included open ports and services, such as cloud services and SaaS applications, as well as remote and web-based administration consoles.
The approach required a robust security testing methodology aligned to international best practice. Our client engaged Avocado to perform five phases of security testing aligned with the broader transition program milestones – leveraging our strong project governance and delivery capability, with specialist security testing experience.
Avocado performed a range of security testing advisory services including:
- Web application penetration testing.
- System penetration testing.
- Network penetration testing.
- Vulnerability scanning.
- Ethical hacking / Red Teaming simulations.
- Technical Risk Assessments.
Sector
Communications / Critical infrastructure
“The seamless transition has been guaranteed through Avocado's utilisation of advanced tools, methodologies, automation, and their extensive proficiency in security testing consultation and implementation.”
The Approach
Avocado was engaged to provide security testing services. This included a series of regular penetration tests over five project delivery phases of the infrastructure separation.
- Calculation of attack vectors for Cloud and SaaS services.
- Conducting foot-printing and reconnaissance on in-scope assets.
- Scanning for open ports and services against in-scope assets.
- Performing vulnerability scanning against in-scope assets.
- Performing penetration testing against in-scope web services.
- Conducting a technical risk assessment including impact against confirmed vulnerabilities and exploits.
Avocado worked closely with stakeholders and technical staff so that the security results produced could be used to prioritise areas of most significance and relevance to our client. This also ensured that testing had the least impact on critical services. To ensure the engagement objectives were achieved, the security works were assessed using vigorous automated and manual vulnerability assessment and penetration testing methodologies – including black box, white box and grey box penetration testing – leveraging a variety of security tools to identify security vulnerabilities.

The Outcome
Avocado’s structured penetration testing framework provided our client with detailed risk findings and improvement recommendations. Our client now has a comprehensive understanding of the risk and impact of the vulnerabilities affecting their critical assets and systems as a result of the operational restructure. With this information, they can now begin remediation activities and make improvements to decrease the risks associated with the separation, while maintaining their security posture.
