下载PDF
Redscan > 实例探究 > 改善网络安全防御:全球贸易组织的案例研究
Redscan Logo

Real-World Cyber Attack Simulation for Global Trading Organisation

技术
  • 分析与建模 - 数字孪生/模拟
  • 网络安全和隐私 - 应用安全
适用行业
  • 教育
  • 国家安全与国防
适用功能
  • 质量保证
用例
  • 网络安全
  • 入侵检测系统
服务
  • 网络安全服务
  • 培训
挑战
一家全球贸易组织的首席执行官和董事会担心网络攻击可能对其运营和声誉造成潜在损害。他们缺乏对网络安全防御有效性和应对现实世界攻击的能力的了解。此外,他们个人还负责确保满足与 IT 安全相关的监管要求。
关于客户
该客户是一家金融行业的全球贸易组织,总部位于英国。首席执行官和董事会负责确保合规性并保护组织免受数据安全漏洞的影响。
解决方案
该组织聘请 Redscan 的红队道德黑客来执行真实世界的攻击模拟。红队利用现代对抗策略来模拟组织网络环境中的高级威胁行为者活动。此次活动持续了三个月,对公司 IT 防御的各个方面进行了测试。没有向 Redscan 提供任何内部信息,所有知识都是通过开源威胁情报收集技术获得的。
运营影响
  • At the end of the simulated attack period, Redscan’s Red Team delivered a comprehensive report for the CEO and board of directors, highlighting all of the information security issues detected and ranking them according to the level of risk to the business. The Red Team provided clear guidance on how to mitigate the risk, recommending specific solutions, policies or training courses as appropriate. As a result, the business is now implementing new measures to better protect its data, employees and customers. The CEO and board members now have a far more enlightened view of cyber security weaknesses across the business and can better meet their information security obligations. They can provide documentary evidence that information security is of high priority; that they are aware of the risks; and that they are taking the appropriate action to mitigate them.

数量效益
  • The Red Team identified a particular exposure to phishing attacks, which could be used to acquire remote log-in credentials for IT systems and access to client transactional data.

  • Failures in the company’s access permissions were identified, which could be exploited to disrupt multi-million dollar trading transactions.

  • Configuration issues in intrusion detection systems and a large number of false alerts meant that the company was unable to detect Redscan’s deliberately “noisy” attempts to break in.

相关案例.

联系我们

欢迎与我们交流!

* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

Thank you for your message!
We will contact you soon.