Customer Case Studies

Pen-testers Help Global Paper Manufacturer Protect its Critical Assets

A global pulp & paper manufacturer asked OTORIO to conduct a security and vulnerability penetration testing assessment of their network as it would be seen by an external attacker. The manufacturer wanted OTORIO to gain access to their internal network without any prior knowledge of it.

OTORIO’s Role
The customer manages over 100 manufacturing sites around the globe. OTORIO's Penetration Testing team probed the resilience of the manufacturer's "most critical site", testing how much damage an attacker with no prior knowledge of or access to the network could cause. The team spent approximately two weeks identifying the security gaps using a "black-box" approach.

Findings and Mitigation

Our Findings
OTORIO’s team concluded that there were several key areas that required improvement in order to ensure that such an attack would not be successful in the future. These areas include:

  • Lack of network hardening between sites and zones
  • No patch management
  • No security monitoring
  • Reusing passwords

 

OTORIO’s Role
OTORIO was tasked with:

  • Assessing the organization’s external attack surface
  • Testing the network’s resilience
  • Identifying critical risk vulnerabilities
  • Mapping attack vectors
  • Utilizing real-world scenarios and methods that can impact production and daily operations
  • Recommending remediation steps that will address the critical and major findings

 

Recommendations
The team provided various security control improvements that the customer can implement to ensure that its network is resilient to similar attacks in the future. Some of the suggestions included:

  • Enforcing password policies
  • Increasing awareness of proper cybersecurity conduct
  • Updating OS and tracking security updates
  • Creating policies for update management
  • Reconfiguring GPPs
  • Auditing sensitive and abnormal activity
  • Reinforcing firewall policies and defining a detailed set of rules
  • Reconfiguring the whitelist IP policy

 

Moving Forward
OTORIO’s incident response assessment and reports gave the customer a clear picture of the steps the attacker took during the attack, with an emphasis on the security gaps that enabled their activity. OTORIO provided the company with a solid security posture plan to ensure that they are capable of taking the first steps in improving OT security immediately.

Following the successful incident response, the customer requested that OTORIO extend its services and perform Penetration Testing to assess network resilience.