Skip to main content
search

Security testing during an organisational transformation

Case Study

About Our Client  – a global communications infrastructure provider

Overview

Our client is a global communications infrastructure provider. They partner with a range of clients such as telecommunications and government organisations.  In Australia, their focus is on shared networks and wireless solutions, providing engineering, design, delivery and project management to telecommunications and radiocommunications operators.  

The Challenge  

Our client recently underwent a large organisational transformation, requiring parts of their international business units to be separated.  This created a high-degree of complexity for their Information Technology teams, who needed to conduct a careful separation of the infrastructure, while minimising disruption to current and future operations. Understanding the potential for additional cyber risk arising as a result of the restructure was critical.  

As a critical infrastructure provider, security and resilience is paramount. To assure and maintain the security posture of their business, our client needed to undertake a range of vulnerability scanning and penetration tests across their critical assets. This included open ports and services, such as cloud services and SaaS applications as well as remote and web-based administration consoles. 

The approach required a robust security testing methodology aligned to international best practice.  Our client engaged Avocado to perform five phases of security testing aligned with the broader transition program milestones – leveraging our strong project governance and delivery capability, with specialist security testing experience. 

Up Next: The Approach >

Avocado performed a range of security testing advisory services including: 

  • Web application penetration testing. 
  • System penetration testing. 
  • Network penetration testing.  
  • Vulnerability scanning. 
  • Ethical hacking / Red Teaming simulations. 
  • Technical Risk Assessments. 

Sector

Communications/ Critical infrastructure

The seamless transition has been guaranteed through Avocado's utilisation of advanced tools, methodologies, automation, and their extensive proficiency in security testing consultation and implementation.

The Approach 

Avocado was engaged to provide security testing services. This included a series of regular penetration tests over five project delivery phases of the infrastructure separation.  

  • Calculation of attack vectors for Cloud and SaaS services. 
  • Conducting foot-printing and reconnaissance on in-scope assets. 
  • Scanning for open ports and services against in-scope assets.
  • Performing vulnerability scanning against in-scope assets. 
  • Perform penetration testing against in-scope web services.
  • Conducting a technical risk assessment including impact against confirmed vulnerabilities and exploits. 

Avocado worked closely with stakeholders and technical staff so that the security results produced could be used to prioritise areas of most significance and relevance to our client. This also ensured that testing had the least impact to critical services. To ensure the engagement objectives were achieved, the security works were assessed using vigorous automated and manual vulnerability assessment and penetration testing methodologies – including blackbox, white box and grey box penetration testing – leveraging a variety of security tools to identify security vulnerabilities.   

Up Next: The Outcome >

Security testing during an organisational transformation, Avocado Consulting - deliver with certainty

The Outcome

Avocado’s structured penetration testing framework provided our client with detailed risk findings and improvement recommendations.Our client now has a comprehensive understanding of risk and impact of their vulnerabilities to critical assets and systems, resulting from the operational restructure. With this information, they can now begin remediation activities and make improvements to decrease the risks associated with the separation, while maintaining their security posture. 

Security testing during an organisational transformation, Avocado Consulting - deliver with certainty

Explore our related content:

Reinventing and securing the omni-channel customer experience

Avocado partnered with an ASX listed leading global retail industry player to manage all third-party risk and security assessments as they transformed from bricks and mortar to a full multi-channel strategy with deep customer experience tooling.

Threat and Risk Assessment for a leading health service provider

Supporting a leading health service provider understand and remediate their largest reputational and financial threats.

End to end testing for online education experiences

Avocado provided end-to-end testing services for a high-profile educator, developing the test cases and repository, along with creating application scenarios for both the back end and editorial teams. 

Remediating security and privacy risks in a complex and regulated environment

Translating cyber risks with a financially justifiable and comprehensive strategy to address cybersecurity gaps.

Close Menu