Uses Case USES CASE
THREAT RESPONSE
THE CUSTOMER - NEEDS
The Customer is specialized in energy efficiency services for industry, offers its customers tailor-made solutions to reduce their energy consumption and
their environmental impact. It manages 25 industrial sites in Italy and is able to operate on a large territorial area, both directly withits own branches and through the network of its own group. The need is to have an intelligent system to protect the network from cyber threats
THE PROJECT
The customer has several offices located in Italy connected with a private site-to-site connection. The project was led by Innova. Each site has two clustered firewalls installed on which multiple security domains have been created. two network areas was designed, separate the industrial part (SCADA – Supervisory Control And Data Acquisition) from the Office network. This approach improve cybersecurity defense because multiple layers of protection spread across computers, networks, programs, or data that are kept separated. In this context a unified threat management system has been implemented through a central console that monitors and controls all security appliances and performs the main functions of: detection, investigation and resolution. The partner was Fortinet.
The system of threat Response that was deployed orchestrates several key phases of the incident response process.
It can ingest any alert from any source and automatically enrich and group them into incidents in a matter of seconds. The Innova security teams receive rich and vital context from leveraging ThreatIntelligence as well as third-party threat intelligences to help understand the “who, what and where” of attacks, prioritize and quickly triage incoming events. Using all this information, Threat Response automates workflows and response actions such as quarantine and containment actions across the infrastructure
RESULTS
Multi-layered cyberattack protection. Effective defense against cyber attacks. Educate users to comply with safety principles. Performance increase Integration with the existing infrastructure and standardization of the devices
EMAIL THREAT PROTECTION
THE CUSTOMER - NEEDS
The Customer is a leading player in the field of support and care for the elderly (nursing homes, rehabilitation clinics ,home care services.) The need is to implement a full emailbased protection in order to : Prevention of threats from entering the healthcare organization Protection of remote staff Prevention domain from being spoofed in attacks against its patients, partners and staff
THE PROJECT
The project was to introduce a multiple approach based on 3 solutions connected among them:
A targeted attack protection (TAP) system to monitor incoming emails and block advanced threats that use malicious URLs and attachments.
A data loss prevention (DLP) to filter outgoing emails containing sensitive data.
A Threat Response Auto-Pull (TRAP) to reduce the work required to respond when TAP has detected malicious email.
An Email Fraud Defense to protects against imposter attacks by authenticating email traffic.
At the end, a Security Awareness Training was conducted to test users through simulated phishing campaigns.
RESULTS
Improved capture of threats that target people through email (more 100 threats neutralized a day)
Raised awareness of security threats among staff.
Increased visibility to BEC attacks targeting their brand.
Block of Data exfiltration
KEEP SECURE THE WEB BROWSING
THE CUSTOMER - NEEDS
The Customer is a leading company in legal and tax services. The needs is to ensure a secure web navigation to all its employees
THE PROJECT
The project was to implement a platform that through the use of AI technology performs a behavioral analysis of web services, overcoming the limits of classical security solutions that just rely on a reputational approach.
An extension applied directly acts on the devices, protecting the browsing of people everywhere even without a VPN.
All browser filter in real time all dangerous connections, analyzing the actual behavior of web services, regardless of their reputation.
A dashboard was implemented in order to give a complete manage to internal IT department to monitoring attack;
Setting of content web filter;
Reporting of suspect behaviorS
RESULTS
Over 200,000 new phishing sites identified every day, of which 84% remains active for less than 24 hours, remaining invisible from classical solutions.
Blocked hundreds of connections on sites that are deemed inappropriate for the company
VULNERABILITY ASSESSMENT & PEN TESTING
THE CUSTOMER - NEEDS
The Customer is a leading company manufacturing of IoT smart home devices.
The need is to test the security of products before launching them on the market.
THE PROJECT
The project consisted of a gray-box security assessment on target devices; activity performed include both automated and manual analysis. The tests were conducted from INNOVA in a laboratory created ad hoc.
The devices involved in the activity were:
Complex System of Connected VideoDoor Entry for large group of buildings.
Burglar system Unit and periphericals.
Smart Thermostat.
Home Connected video door entry Alexa build-in the followings test were conduct.
● Attack surface assessment via dynamic test.
● Network traffic analysis with focus on clear-text communication channels.
● Business logic security review on the main use-cases.
● Web Application Penetration Test (WAPT) on the Server.
● Firmware static analysis.
● Cloud systems and services (mostly APIs).
● Server network services.
● Web application reverse engineering and source code analysis.
RESULTS
During this engagement, a total of 134 vulnerabilities were found in the Target of Evaluation by the INNOVA Team.
In terms of severity, 38 vulnerabilities were classified as critical. Many of the vulnerabilities in the environment are due to: weak credentials, improper or missing authentication, bad coding practices, lack of hardening, or use of insecure protocols. a mitigation plan was proposed and for each identified vulnerability the Innova team helped the customer to fix it
IMPLEMENTATION of ISMS ISO/IEC 27001
THE CUSTOMER - NEEDS
the Customer is an engineering and construction group.
The company can boast a proud history of involvement in Italy landmark projects. Today, The Customer employs around 600 people, providing engineering solutions in in diverse sectors.
the Customer decided to obtain the ISO/
IEC 27001 certification in order to:
• Improved quality and efficiency
• Better environmental performance
• Enhanced health and safety record
• Stronger collaborative working
• More secure information management
• Increased business resilience
THE PROJECT
The project took a year to implement its information security management system (ISMS).
An initial gap analysis undertaken by the company revealed that it already had half the requirements in place for a compliant ISO/IEC 27001 ISMS.
The biggest challenges Customer faced during the implementation process were the requirements enhancing its IT infrastructure and the formalization of a data management policy.
This required adjustments in the way Customer works, including changes to the way information are protected , particularly to the strategic and confidential.
These challenges were addressed by ensuring the benefits were communicated across the business and through early engagement with the relevant people, whilst also developing the policies and stress testing scenarios.
To assist with the implementation of its system, Innova trained critical customer team members to become proficient internal auditors.
Innova also carried out a Risk assessment identifying gaps in the system and allowing improvements to be made prior to the thirdparty audit.
All staff from senior management to operational and support staff participated in training sessions and presentations to ensure full understanding and engagement across the business.
RESULTS
Centralized Security Governance was implemented Sustenance of Information security processes had become more streamlined and easier to achieve and track Clear roles and accountabilities were set among team members Increased resilience to cyber-attacks.
Company reputiation improved leaps and bounds. More mature Information Security landscape.