Customer Case Study:
The customer is a multinational corporation that provides business consulting, IT, outsourcing, and next-generation software services. It is one of the largest public companies in India.
- Industry: Consulting, IT/ITes
- Employees: 150,000+
- Products: FireCompass RECON, FireCompass ATTACK
Challenge 1: Manual Red Teaming Exercises Were Time-Consuming
Challenge 2: Shadow IT Assets Unknown To Security Team
The engineering/marketing team created multiple online applications/systems as needed without informing the security team. Past employees did not document all the systems they took online.
Attack Surface Discovery:
- Domains/Subdomains/IPs/Applications Enumeration
- Preprod, UAT Systems, Online DBs Identification and Reporting
Attack Surface Monitoring:
- Vulnerabilities (Through Passive Scanning) Monitoring
- Malicious Infrastructure Monitoring
- Open S3 Buckets Identification and Monitoring
- Code Leaks Identification and Monitoring
- Phishing Domains Monitoring
- Monthly automated Red Teaming
- Active vulnerability assessment
- Infrastructure Security Assessment
- Penetration Testing
Substantial Reduction in Attack Surface
FireCompass supported bringing down systems that were not required to be online, resulting in a substantial reduction of the attack surface.
Continuously Updated Asset Inventory
FireCompass's internet-wide continuous monitoring tool has helped the customer maintain an up-to-date inventory of their internet-facing digital assets, which was missing earlier.
Discovery and Mitigation of Unknown Shadow IT Risks
FireCompass helped the customer track exposed digital assets, including:
- 50+ preprod, staging and testing systems
- 100+ unused domains/subdomains, some of which were susceptible to hijack/takeover
- Exposed documents & files
- Compromised / malicious infrastructure
- Exposed backend APIs
Identification of Open Online Code & Sensitive Information
- Identified leaked data/databases, including open S3 buckets & vulnerable online systems
- Identified code & sensitive information open to public access, including public GitHub repositories
FireCompass RECON identified publicly available sensitive information and code, which helped the customer take it down.
Near Real-time Monitoring of Digital Risks
FireCompass helped the customer monitor their attack surface on a daily basis, reducing the chance of missing new risks, and notified them of critical risks such as pre-prod applications, online systems with vulnerabilities, leaked credentials, and risks in their subsidiaries.
FireCompass is a SaaS platform for Continuous Automated Red Teaming (CART) and Attack Surface Management (ASM). FireCompass continuously indexes and monitors the deep, dark and surface webs using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s digital attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify breach and attack paths that conventional tools would otherwise miss.