The Battleground:

A local business that also uses an extranet with other local vendors.

The Presumption:

Making sure the data and access restrictions are setup correctly for the extranet. Knowing what kind of data is moving around between the companies to spot irregularities.

The Discovery:

Unusual data had been sent from a vendor to the local business that allowed a malicious user to gain access to user information. The malicious user then moved laterally within the network to gain access to the local business' sensitive information.

Our Solution:

Make sure that vendors that have access to your network via an extranet are also secure and have not been compromised. Know the type of information that company can have access to and what type of data that is sent.

Lessons Learned:

All points of access from all companies involved need to be properly secure to prevent malicious users from getting in. If one company gets infiltrated, then all companies may get infiltrated.