The Challenge
Construction businesses are often quite complex, with numerous sites and cloud-based IT systems. It is challenging to protect these systems from IT vulnerabilities, especially with industrial equipment on the network. Nevertheless maintaining confidentiality, integrity and un-interrupted availability of IT services is important in this sector too.
How we solved it
Without a vulnerability management system in place, weaknesses in an IT architecture may go unnoticed. To ensure the client’s network security was as strong as possible, Arco IT employed a thorough testing and assessment platform.
1. Discover
Numerous discovery scans were executed on the network to compare the inventory of systems against the actual state on the network.
2. Scan
Using specialized tools, we scanned the assets on the network for potential vulnerabilities.
3. Assess & Report
The systems were classified into criticality levels, based on the vulnerability type and the level of exposure of the system. The outcome was then reviewed with the stakeholders.
4. Remediation & Verify
We defined a priority-based action plan with the stakeholders and used follow-up audits to ensure that the issues got resolved. To assure continued handling of new vulnerabilities, a periodic scan is now part of the company strategy.
RESULTS:
- Improved security & control across 12 construction sites
- Internal and external security gaps were highlighted in an easy-to read report
- Identified and remediated the critical vulnerabilities
- Criticality scores assigned to over 1000 hosts, to indicate how their IT systems stand in terms of security compliance.
