FORTUNE 500 CREDIT CARD, GLOBAL PAYMENTS, AND TECH COMPANY | IT SECURITY POLICY REVIEW AND SURGE CAPACITY
A multinational financial services company, specializing in payment systems and credit cards, engaged DarkTower to conduct a full review of IT Security policies and procedures.
1. REVIEW OF IT SECURITY POLICIES AND SURGE CAPABILITY
SITUATION
The client engaged DarkTower to conduct a review of the corporate IT Security policies and procedures, providing a resource surge plan to be able to rapidly scale based on the client’s IT Security needs.
SOLUTION
DarkTower conducted a full review of the client’s IT Security policies and procedures against the NIST framework as well as industry best practices. DarkTower also designed and implemented a Cyber Surge Team, allowing the client to rapidly deploy resources as needed to support time-sensitive projects and evolving cybersecurity needs.
RESULTS
The client strengthened their IT security posture through updated policies, procedures, and by implementing recommended best practices from DarkTower’s findings. The DarkTower Surge Team reduced resource onboarding time from 60 days to 48 hours from approval. This enabled the client to more effectively manage resourcing for critical projects and deliver on those previously in yellow or red status.
2. ASSISTING WITH A MIGRATION TO CLOUD BASED SAAS AND IAAS SERVICES
SITUATION
The client was transitioning to Cloud-based SaaS and IaaS services. As one of the largest card processors in the world, their organization routinely handles highly sensitive financial data. In addition, the organization was in the process of transitioning to Microsoft O365.
SOLUTION
DarkTower provided Security Engineering support for the O365 migration, including comprehensive review and recommendations of O365 components. DarkTower’s consultants ensured information security requirements were effectively integrated into the cloud solution, while engineers assisted with defining best practices for secure configuration of the client’s information systems.
RESULTS
Through ongoing consulting and Surge Team capacity, DarkTower enabled the client to implement their cloud-based service and continues to remain an integral part of the implementation, providing guidance and consulting services to the client’s team.
3. IDENTIFYING AND ASSISTING WITH IMPLEMENTING A GLOBAL VISITOR MANAGEMENT SYSTEM
SITUATION
The client was in the process of selecting a new global visitor management system designed to not only enhance their security posture, but create a positive digital experience for their visitors. The proposed solution replaced multiple existing Visitor Management Systems and manual processes, such as a physical log book and standalone tablet systems. It was essential for the system to provide a seamless workflow for pre-registering, registering, checking in, tracking, and checking out a visitor from a single global platform. The end goal was to provide a secure, frictionless visitor experience.
SOLUTION
DarkTower provided Security Engineering support for the vendor selection process including engineering support of a multi-location Proof of Concept with three vendors. Serving as the primary security engineers, DarkTower’s consultants were responsible for reviewing all vendor processes, infrastructure designs, and ensuring that the proposed solutions complied with the client’s security standards, while ensuring a frictionless visitor experience.
RESULTS
Through the DarkTower partnership, a vendor was selected and the project received funding for implementation. The system was successfully rolled out globally with all recommended security requirements in place.
4. THIRD PARTY VENDOR REVIEW
SITUATION
The client’s security team received numerous ongoing requests from various sources to assess security products and vendor capabilities. The volume of requests required a solution to efficiently research, track, and report assessments and vendor capabilities.
SOLUTION
DarkTower designed a vendor assessment tool with alignment to NIST 800-53 standards. In addition, a vendor assessment portal was developed to provide stakeholders visibility into assessment progress.
RESULTS
The vendor assessment system was successfully launched, processing an average of 50 assessments per month. Stakeholders now have the ability to utilize the self-serve system to review requests and receive status updates throughout the process.
5. ACTIVE DIRECTORY ASSESSMENT AND IMPLEMENTATION
SITUATION
The client was in need of a security engineering practitioner with expertise in implementing a new structure for Active Directory, and to ensure privileged account access was properly implemented.
SOLUTION
DarkTower identified a Subject Matter Expert to help manage, assess, and design a plan to implement a new structure for Active Directory and privileged account management.
RESULTS
The Active Directory Assessment was successfully completed, and DarkTower executed the transfer of ownership and operational responsibility of the Active Directory, as well as the overall infrastructure components, to the appropriate team in IT Security.
RELATED CASE STUDIES
CYBER ENGINEERING
DarkTower conducted a full review of IT Security policies and procedures against the NIST framework and established a cyber surge team.
THREAT INTELLIGENCE
Significant changes were implemented from DarkTower's assessment to secure and optimize the college’s information infrastructure.
THREAT INTELLIGENCE
DarkTower conducted a forensic investigation to locate the point of compromise, reclaim financial losses, and prevent future attacks.
CYBER ENGINEERING
DarkTower provided a mobile deposit vulnerability assessment and application security scanning for the client’s Android and iOS applications.
