About the Client
The client is a globally renowned financial services provider in the telecommunication sector. Through its wide range of network services, the client offers enhanced security solutions to financial institutions and also facilitates standard and reliable financial transactions. Its product line includes software and related services for financial institutions. Because of its efficient services and wide global presence, the client’s products have become industry standards for the majority of financial telecommunication services and applications.
Client Requirements
A well-planned IT infrastructure and virtualization services, resulting from Production Security Operations (PSO) and efficient server configurations, along with an extended security baseline.
Challenges
1) Infrastructure Security Risks
Due to increasing risks and non-compliance issues, the client’s IT infrastructure required significant security enhancements. These security risks, particularly for a global financial services provider, threatened the stability of the financial transactions facilitated through their systems. Implementing security baselines for a robust infrastructure was a key challenge.
2) Server Maintenance and Configuration
Managing and configuring around 200 servers while ensuring they adhered to the Baseline Tool (BTL) and the Minimum and Extended Security Baseline was complex. Manual operations on the initial servers were time-consuming and increased the potential for errors, making server maintenance a crucial aspect of optimization.
3) Direct Implementation on Live Servers
The absence of lower-level environments, such as Development (Dev) and Quality Assurance (QA), necessitated implementing changes directly on live servers. This added complexity, as there was little room for error during the security configuration and maintenance processes.
4) Managing Security Alerts from the Red Team
Another major challenge was addressing the continuous flow of security alerts from the Red Team. These alerts highlighted vulnerabilities and non-compliance issues that required immediate attention and remediation, adding pressure to the operations team.
Solutions
1) Enhanced Security Baselines for Infrastructure
Veritis implemented the Minimum and Extended Security Baseline standards to secure the client’s infrastructure. The team effectively minimized security risks and non-compliance issues by aligning server configurations with these baselines. This approach ensured the client’s IT infrastructure remained robust and secure, addressing critical vulnerabilities.
2) Automation of Server Maintenance
To address the challenge of maintaining 200 servers, Veritis developed generic scripts that automated the server configuration process. Initially, around 10 servers were manually operated, but once standard solutions were identified, the scripts were applied to the remaining 90 servers. This saved time, minimized errors, and streamlined operations, ensuring consistent server maintenance.
3) Live Server Implementation with Risk Mitigation
Without lower-level environments, Veritis implemented the necessary security configurations and server maintenance directly on the live servers. The team carefully monitored each stage of the process to mitigate risks and ensure stability. This approach required meticulous planning and execution to avoid disruptions to live financial services.
4) Efficient Security Alert Management
Veritis worked closely with the Red Team to manage the flow of security alerts. The team quickly addressed vulnerabilities by creating prioritized workflows and leveraging tools such as Splunk for log analysis, ensuring the client’s systems were secure and compliant. The proactive management of security alerts helped prevent potential threats from impacting the client’s operations.
Veritis Approach
The key objective of this project is to configure client servers in line with the Baseline Tool (BTL) and the Minimum and Extended Security Baseline, to achieve a secure infrastructure and an efficient server infrastructure.
Over the six-month project, which involved around 200 servers, the Veritis team of experts implemented a standard approach of generating generic scripts to save time and avoid the complexity of manually operating around 90 servers.
Though around 10 servers were operated manually in the initial stages, all the common solutions were grouped to form a script that can be run on all servers.
Technical expertise in Linux and UNIX operations forms one of the key Veritis offerings to the client for this project.
Through Veritis services, the client was able to address security risks and non-compliance issues.
A Snapshot of Services Delivered:
Overall, Veritis services to the client as part of this project include:
- Minimizing security and non-compliance issues
- Generating timely reports on the status of servers
- Checking server compliance with BTL
- Ensuring effective server configuration
- Manually changing staging servers as and when required
- Securing infrastructure
- Generating server scripts to minimize manual operations
Platforms and Environments Used
Physical and virtual servers, Red Hat, Solaris, Splunk, TPAM, Salesforce, IAM, Jabber, Outlook and IOD were among the key tools and technologies used for this project.