This case study looks at how Intruder helps its customers protect themselves against the new vulnerabilities that are discovered daily. Critical-risk weaknesses in internet-exposed infrastructure regularly crop up without warning, and organisations need to react fast. Keeping track of security news for the latest threats, and manually running vulnerability scans to detect those weaknesses, can be a time-consuming process, and not all organisations have the available resources or personnel to do this effectively.
Intruder solves this problem by proactively scanning for the latest threats as they emerge, so your technical teams can be alerted and put a fix in place before the bad guys have a chance to exploit them.
Our client is a medium-to-large sized firm which operates internationally. Its tight-knit, modest-sized security team is tasked with protecting a large number of systems located all over the globe. Like many similar organisations, their team size requires that they operate as efficiently as possible by carefully distributing the team’s resources and automating processes wherever possible. As the organisation's digital footprint has grown over the years, so have their cyber security needs. They needed a solution that a the latest security threats, without having to rely on manual processes.
To secure their critical infrastructure, they signed up for Intruder’s ‘Verified’ service, which offers enterprise-grade vulnerability management with penetration testers on hand to manually verify results and analyse the real impact of security issues. In this case study, we dive into an example of how the Intruder service helped them discover, remediate, and verify fixes to a critical level weakness in early 2020.
At the end of 2019, a critical vulnerability was disclosed in Citrix’s ADC and Gateway appliances which could allow an attacker to remotely run code on the affected system without the need for credentials or other privileged information.
This type of vulnerability is ‘Critical’ risk, because a remote attacker can gain full control over the system with relative ease. In this case, the situation is even more serious: since Citrix Gateway devices can be used for access to private networks, successful exploitation is likely to lead to further compromise of other connected systems.
Public exploit code that could be used to exploit the weakness was released on January 10th 2020. On the same day, Intruder scanned the organisation’s systems, discovered a vulnerable system, notified them of the issue, and provided remediation advice. This gave the client a head start with prioritising a fix for this serious weakness, allowing them the time they needed to put mitigations in place as soon as possible.
Our client’s technical team swiftly put mitigations in place, and Intruder’s penetration testers manually verified that the temporary mitigations advised by Citrix were successful, and that the systems were no longer vulnerable. This service gave our client the confidence that the temporary fix was effective, which was important since Citrix did not release a full patch for the affected system until January 22nd 2020.
This example shows how our client achieved continuous security coverage and peace of mind, knowing they were able to prioritise a fix as soon as possible for this serious weakness. What’s more, with Intruder’s Verified service, the client was able to sleep easy knowing that their mitigation steps were effective and that the systems were no longer vulnerable.
In order to react as quickly as our client did to this serious weakness, traditional vulnerability scanning customers would need manual processes in place, with a security analyst to respond to newly announced weaknesses and manually run scans to detect them. Whilst this can also be an effective way of solving the emerging threats problem, it is resource-intensive, and vulnerabilities could be missed because of the manual nature of the process. Intruder saves you the time required to constantly stay up to date with security news and configure a scan, whilst also providing you with the confidence that the latest threats are being discovered in your most exposed systems in real time.
Our client continues to benefit from proactive threat scans to stay ahead of the hackers, and so can you – try Intruder today.