Throughout its 140-year history, our customer, a holding company of one of the three largest banking groups in Japan, has been committed to offering a range of commercial and investment banking services to corporate, institutional, and municipal clients.
In the Americas, they have a strong presence in the U.S., Canada, Mexico, Brazil, Chile, Colombia, and Peru. Our customer had data centers in various locations, including Japan, Hong Kong, the USA, and more. However, with this global reach came the need for increased security measures to mitigate attack surfaces and vectors.
Recently, they turned their attention to fortifying the security posture of their data center and managed cloud. They sought to enhance their existing measures to ensure the security of infrastructure elements. As a security-driven organization, their focus on this critical aspect of their business was second to none.
Our customer had over 150 devices in one region, including firewalls, switches, and routers, that needed hardening to comply with CIS Benchmarks on the recommendations of their Audit Committee. This would enhance the security of the devices and contribute to a robust overall security posture.
The client had full visibility into their device configurations, but they were not able to assess whether the devices were in compliance with CIS benchmarks, leaving the devices vulnerable to potential security breaches. They recognized that they needed expertise to help them address this issue urgently. The key requirement was to automate the assessment and remediation of the devices to comply with CIS benchmarks.
Xoriant Solution | Key Contributions
As a trusted security partner, Xoriant understood the client's requirements and proposed an effective solution that included automating the assessment and remediation of devices using scripts. Using manual resources to address this would have taken anywhere from 9 to 12 months with the possibility of human errors and misconfiguration leading to a negative impact.
The Xoriant team assisted in automating the process and developed scripts using XML, Python, and APIs. These scripts followed the latest CIS benchmarks applicable to the specific device OS version.
Individual scripts were developed for firewalls, switches, and routers, with each script designed to assess and remediate the device's configurations to ensure compliance with CIS benchmarks. To ensure quality, Xoriant set up a test environment to test the scripts before delivering them to the client. These scripts were then executed on the client's test devices and then in production through Ansible, making the process of assessment and remediation seamless.
As part of Phase 1, the Xoriant team conducted a comprehensive assessment of all 150 network and security devices in just 8 weeks. The team then analyzed the reports to determine which configurations were compliant or non-compliant. The team discovered that all devices were, on average, only 40–60% compliant.
In Phase 2, the team remediated the non-compliant configurations and brought them to a compliance level of 93–97% (the highest that is acceptable as per the client environment) in just 12 weeks.
Once the assessments and remediation were complete, the Xoriant team created a process for the client to use the scripts for their regular operations. This solution provided the client with the necessary expertise to ensure their network and security devices were hardened against CIS benchmarks, providing them with enhanced protection against potential threats.
Overall, this partnership between Xoriant and the client exemplified the client's commitment and their willingness to take the necessary steps to ensure that their network and security devices were protected against potential threats. With this enhanced protection in place, the client could focus on what they do best: providing their customers with innovative solutions that drive business success.
As a result of Xoriant's solution, the client was able to achieve numerous business benefits. Firstly, the assessment and remediation of devices now meet CIS benchmarks with 100% compliance.
Device hardening was fully automated, reducing the time required from weeks to minutes without errors and misconfigurations. This allowed the client to focus on other critical tasks without worrying about the security of their devices against potential insider and external threat actors.
Moreover, the solution provided full visibility and control over the entire configuration of devices. The client was now able to track all the changes made to their devices and ensure that they comply with industry and security standards and frameworks. This helped the client to address audit issues, comply with other security frameworks such as ISO 27K, NIST, PCI, etc., and regulatory requirements, and avoid penalties for non-compliance.
The risk severity of the devices was reduced from high to low, giving the client peace of mind knowing that their devices were thoroughly protected. Overall, Xoriant's solution not only helped the client improve their security posture but also allowed them to focus on their core business while meeting industry and regulatory standards.
XML, Python, Ansible Tower, GNS3 Simulator, Cisco Devnet, Palo Alto Panorama