SUCCESS SNAPSHOT: A Large MUNICIPALITY NEEDED TO HARDEN ITS ATTACK SURFACE
One of the largest counties in the United States knew they had blind spots in their IT enterprise that translated into large gaps in their security. They knew they needed a more proactive approach to cyber risk and turned to StratumPoint (SPI).
Beginning with an intelligence-led threat landscape analysis, SPI identified the most likely and most dangerous threat actors currently operating in the wild that would target the County; overlaying their tactics with an SPI comprehensive external vulnerability assessment and black-box penetration test. Multi-modal advanced social engineering efforts emulating current trends were developed and deployed highlighting user vulnerabilities. Red Teams moved through the network, emulating the tactics and techniques of the identified threat actors through custom-developed campaigns. The internal technical testing revealed both vulnerabilities and strengths in their people, process, technologies, and controls that provided actionable insight for gap remediation as well as sound justification for additional resourcing.
Working sessions and a final out brief with key County stakeholders provided an effective knowledge transfer while a final reporting deliverable crafted for Executive consumption articulated the strengths challenges, and resourcing justification to remediate gaps, reduce the attack surface, and harden the County as a target.