One Company.
Two Ransomware Attacks.

This company was long overdue for a comprehensive security assessment.

Region: Bay Area, California

Client Type: Enterprise

Client Size: >1000

Industry: Manufacturing

Client Profile:
Based in Northern California, this privately owned company has been an industry innovator for more than 50 years.

About ZAG:
ZAG Technical Services, Inc. (ZAG) is an award-winning Bay Area IT consulting firm specializing in managed services, network infrastructure, security assessments, disaster recovery planning, and cloud computing services.

ZAG provides enterprise-class business solutions that enable clients to succeed by reducing IT costs, increasing productivity and ensuring security.

With offices in San Jose, Salinas and San Ramon, California, ZAG serves businesses throughout the Western United States.

Today, security problems are business problems. Technology solutions can discover vulnerabilities and close security holes. A pro-active approach will improve productivity, lower costs and provide a competitive advantage.
— Greg Gatzke, President, ZAG Technical Services

Situation

ZAG Technical Services was called in to assess the security of the networks and systems of a Bay Area-based company after it had recovered from two ransomware events.


Solution

The ZAG security team used a combination of leading industry tools and techniques to evaluate and test the current state of the network. Interviews were held with key members of management and information technology staff to determine areas of needed improvement for the organization.

A number of issues were discovered during the course of our assessment. These included systems running end-of-life operating systems, inadequate patching of servers and workstations, and an under-resourced Information Technology department.

The ZAG team discussed the results with the customer prior to delivery of the formal report. This level of open communication between the ZAG team and the customer helps to ensure we can provide the best roadmap forward for the organization.

Our results were documented in a series of reports and presented to the customer for review. After reviewing the ZAG remediation priorities and options, the customer commented that the ZAG assessment was much more comprehensive and thorough than a recent vulnerability scan that had been performed by another vendor.

The ZAG team made a number of recommendations, both during the assessment phases and in the final report. A number of the recommendations made during the assessment were already underway by the time the final presentation was made. This included a key area: adding another Network Administrator to balance the workload of the team and share knowledge of the environment. The hiring process was underway by the time we presented the report.


Our recommendations included:

  • Change all passwords, especially those for accounts with privileged access, since the ransomware incidents may have compromised these credentials.

  • Rebuild all systems that were compromised by ransomware from a “golden” image.

  • Strengthen the password policy. Even with the deployment of Multi Factor Authentication, passwords should be changed at least twice a year.

  • Implement Cisco Umbrella to monitor and protect DNS traffic.

  • Review backup procedures and perform test restores to ensure that critical systems can be recovered.

  • Be sure that all systems, even test or development systems, run antivirus and are kept at timely patch levels.

  • Remove unnecessary or outdated software from the servers and workstations.

  • Conduct regular penetration tests to expose other vulnerabilities.

Summary

The ZAG security assessment illustrated not only the technical weaknesses, but the culture that allowed the weaknesses to persist and grow. Building a secure and resilient organization takes a commitment from everyone.

Benefits

The partnership with ZAG is allowing the organization to complete projects that had previously been stuck “in-process” without completion. The process of measuring the organization against industry benchmarks helps to provide a roadmap to reduce the risk of additional attacks. For more information on cyber security attacks, please view the slide show here.