Strengthening the Security Posture Through System Hardening
A large financial services company that offers a wide range of insurance and investment products to individuals and businesses. Founded in 1875, the client operates in the United States and several other countries, serving customers worldwide. With the fast change of technology and uncertainty in technological regulations, the client engaged Pragma for security hardening task assistance. Having consistently secure configurations across all systems ensures minimal risks to those systems. Another requirement is to ensure that any new system created will be equally designed in terms of security.
The client's IT environment consists of multiple systems with various operating systems and ensuring all the systems are hardened securely and consistently became daunting. This is especially challenging for newer or niche operating systems, as there is limited reference to establishing a security hardening standard.
Pragma worked with the client to create and write security hardening standards for various enterprise operating systems and developed a tool to audit the existing system configuration and automate the implementation tasks based on the established standards.
The process of defining security hardening involves several steps:
We performed a Risk assessment: This involves identifying the assets that need to be protected, the threats they face, and the impact of a security breach on the organisation. This step provides a foundation for the security hardening process and helps to prioritise the measures that need to be taken.
We developed a Policies: This involves creating policies and standards for securing technology systems and devices. The policies were based on regulatory and industry good practices and tailored to meet the organisation's specific needs.
The organisation performed the technical implementation: This involves implementing the security hardening policies and procedures, and scripts
The security hardening process for technology is ongoing and regularly reviewed to ensure that it remains effective and up-to-date in protecting the organisation from security threats.
Our recommendations and tool enabled the client to assess the system security posture efficiently and strengthen the system if required within a few clicks. This allows them to keep pace with continuous compliance activities.