The Challenge
The IT team of a renowned cantonal university with a multi-site campus, which serves a large number of students and faculty, requested a professional assessment of the architecture, setup and operation of its firewall system. The university wanted to ensure that it was well prepared and that its setup and processes were well positioned to protect it from cyberattacks and potential security threats.
How we solved it
Arco IT conducted a thorough security assessment to identify cyber risks, including firewall assessments, vulnerability scans and connectivity testing. The comprehensive IT facility audit helped identify vulnerabilities and analyze systems to provide actionable recommendations.
PREPARATION
To get a detailed insight into the technical landscape, we conducted several interviews with the organization’s employees to learn about their IT functions and the technical architecture. Then, we assessed their systems from various perspectives
FIREWALL REVIEW
We conducted connectivity tests for the firewall and an architecture analysis to review its configuration and compare it to best practices. To test for exploitable weaknesses, external and internal vulnerability scans were performed on the technical platforms.
ANALYSIS
We then analyzed the risks and weaknesses of the system. For each risk we recommended suitable improvements to the architectural, operational, and/or network protection setup. Furthermore, we made product strategy and licensing recommendations.
FINAL REPORT
All findings were discussed with the client in a final joint workshop-style meeting and the report with recommendations was handed over. The discussion allowed the team to improve their understanding of the threat opportunities and protection procedures. The proposed measures were categorized as high, medium, and low priority. The university has already implemented several of the recommended quick wins during the analysis. The important measures have been incorporated into medium- and long-term planning.
RESULTS:
- The organization obtained a clear image of the main weaknesses, threats, and their impact in terms of possible operational, financial, and legal consequences.
- A plan exists to address the risks with the highest impact, along with a milestone approach to improve upon each (short-medium-long term improvements).
- An overview of recommended measures including high-level estimates of efforts and costs, projected for the coming years supports the internal planning and budgeting process.
- The IT staff learned how to improve the security posture and reduce the attack surface for hackers and other malicious actors in the future.
