This client is an educational institute in the UK. In view of the frequent, ongoing cyber-attacks on educational institutions, they were looking for a robust mechanism to detect any indication of compromise in their estate and to act upon it immediately.

Infosys provided round-the-clock security monitoring, threat intel ingestion, and detection and reporting of security incidents, which helped the client identify cyber threats in a timely manner.

Key Challenges

  • Difficulty in detecting and blocking Indicators of Compromise (IOCs), which can potentially lead to major security incidents/breaches
  • High number of spam/phishing emails targeting the client environment
  • High cyber risk due to unrestricted internet access to production servers

The Solution

Quick identification and remediation of cyber-attacks

  • Created knowledge objects containing IOCs, IP addresses and URLs which could be checked in firewalls and proxy logs
  • Deployed and published SPF (Sender Policy Framework) / DMARC (Domain-based Message Authentication, Reporting & Conformance) protection on email security gateway
  • Reviewed the firewall rulebase and analyzed network traffic logs to impose restrictions on open internet access

Benefits

Improved threat detection and response

Enhanced security with proactive and regular monitoring of threat intel feeds for IOCs

Immediate remediation of attacks with regular review of prevalent cyber-attack IOCs and associated vulnerabilities

Significant reduction in mail abuse incidents as a result of improved email gateway security policies

Improved firewall security rules to restrict unnecessary access, thereby reducing the attack surface
