LTIMindtree Logo
logo_lnt_group_company
  • What we do
    • CAPABILITIES
    iRun
    • Application Management Services  
    • Cognitive Infrastructure Services
    • Cybersecurity
    iTransform
    • AI-led Engineering
    • Data and Analytics
    • Enterprise Applications
    • Interactive
    • Industry.NXT
    Business AI
    • BlueVerse
    PROPRIETARY OFFERINGS
    • GCC-as-a-Service
    • Unitrax
    • Voicing AI
  • Industries we serve
    • INDUSTRIES
    • Banking
    • Capital Markets
    • Communications, Media and Entertainment
    • Energy & Utilities
    • Healthcare
    • Hi-tech
    • Insurance
    • Life Sciences
    • Manufacturing
    • Retail and CPG
    • Travel, Transport and Hospitality
  • About us
    • ABOUT US
    • Company
    • Investors
    • Brand
    • Newsroom
    • Partners
    • Insights
    • Environment, Sustainability and Governance
    • Diversity, Equity and Inclusion
  • Careers
logo_lnt_group_company
Contact
  • What we do
    CAPABILITIES
    iRun
    • Application Management Services  
    • Cognitive Infrastructure Services
    • Cybersecurity
    iTransform
    • AI-led Engineering
    • Data and Analytics
    • Enterprise Applications
    • Interactive
    • Industry.NXT
    Business AI
    • BlueVerse
    PROPRIETARY OFFERINGS
    • GCC-as-a-Service
    • Unitrax
    • Voicing AI
  • Industries we serve
    INDUSTRIES
    • Banking
    • Capital Markets
    • Communications, Media and Entertainment
    • Energy & Utilities
    • Healthcare
    • Hi-tech
    • Insurance
    • Life Sciences
    • Manufacturing
    • Retail and CPG
    • Travel, Transport and Hospitality
  • About us
    ABOUT US
    • Company
    • Investors
    • Brand
    • Newsroom
    • Partners
    • Insights
    • Environment, Sustainability and Governance
    • Diversity, Equity and Inclusion
  • Careers
Contact
  1. LTIMindtree is now LTM | It’s time to Outcreate
  2. Insights
  3. Enhancing the customer experience by modernizing a leading North American bank's contact center

Black-Box Infrastructure Penetration Testing for a Large Investment Company

Mar 01, 2024

  • Client Profile
  • Business Challenges
  • LTM Solution
  • Business Benefits
  • Client Profile
  • Business Challenges
  • LTM Solution
  • Business Benefits

Client Profile

A large investment company based in Canada has expressed interest in performing a black-box approach penetration testing to identify potential vulnerabilities across its infrastructure. The company has over 300 external and 2000 internal assets.

Business Challenges

  • Lack of a 24/7 vulnerability management solution to identify critical vulnerabilities
  • The internal network was flat and could be reachable from any critical server or endpoint
  • The Active Directory was not properly configured
  • Critical vulnerabilities on internal IPs and domain controllers posed a risk to the overall network compromise
  • Insufficient network segmentation allowed attackers to move freely across regions and escalate privileges
  • Business continuity and disaster recovery plans were either outdated or incomplete, leaving the organization ill-prepared for major disruptions or cyberattacks
  • Configuration management for critical infrastructure components lacked proper enforcement, exposing them to misconfiguration-based attacks

LTM Solution

  • Performed grey-box pen-testing on internal infrastructure stretched across the USA, Canada, Europe, and Asia.
  • Recognized external assetsʼ IP addresses via passive reconnaissance and identified internal IPs from the US/Can/EU/Asia regions.
  • Collected employee details from previous data breaches via open-source intelligence (OSINT).
  • Enumerated running external services to find and exploit possible vulnerabilities in a controlled manner.
  • Enumerated running internal services to find vulnerabilities on workstations and networking devices.
  • Identified Active Directory attack path and reported all the findings with possible patches, solutions, or workarounds. 

Business benefits

  • Improved external infrastructure security that lowered the risk of external breaches by exposing less than 30% of the system to attackers.
  • Reduced the risk of domain controller takeover by 90% through proactive measures against misconfigurations.
  • Improved data protection measures by addressing a breach affecting over 75% of employee details.
  • Improved regional network segmentation and restricted movement across the US/Can/EU/Asia regions, enhancing data locality and compliance.
  • Reduced the attack surface by 33% by securing HTTP/s services against external vulnerabilities.
  • Proactively defended against advanced persistent threat (APT) groups and prepared measures to counter advanced persistent threats.
  • Strengthened internal network security defenses by lowering network compromise risk by more than 70%.
slider image
Case Study
calendar June 3, 2024
Modernize Your Workloads on Snowflake with PolarSled
David Althoff
Chief Business Officer, Insurance

It’s time to Outcreate

Outcreate Your Business

  • Industries
  • iRun
  • iTransform
  • Business AI

Outcreate with LTM

  • Brand
  • Company
  • Careers
  • Locations

Outcreate Together

  • Investors
  • Newsroom
  • Partners
LTIMindtree Logo

It’s time to Outcreate

  • Industries
  • iRun
  • iTransform
  • Business AI
  • Brand
  • Company
  • Careers
  • Locations
  • Investors
  • Newsroom
  • Partners
LTIMindtree Logo
Accessibility Modern Slavery Statement Privacy Statement Responsible Disclosure

Stay connected for latest updates on LTIMindtree