Scorpion has encyclopedic knowledge of available software tools and knows which ones actually work to provide the greatest value. IT Infrastructure management and Security are always a struggle within large corporations.
Our experience can deliver the following:
• Examine the benefits of virtualizing and consolidating your server infrastructure to lower administration overhead
• Segment your network to meet security, compliance or segregation of duties (SOD) requirements
• Segment your network to reduce or eliminate single points of failure so that if one network segment goes down, others continue operating. This allows for improved diagnostic speed while the issue is localized
• Document an accurate network map of your organization including dependencies
• Coordinate internal and external Intrusion (hacking) testing
• Implement and configure Firewalls with the appropriate profiles to allow only authorized traffic and users through
• Develop a corporate taxonomy to support the inventory and governance of software tools
Example: Large Banking Institution
A Fortune 100 banking institution needed to segment its network as it had grown too large. This meant that any outage could take days to isolate. Any security breach meant the intruder had access to everything and the auditors were considering the lack of segmentation to be a segregation of dutites exception. The difficulty was that the network and infrastructure had grown organically for decades and was undocumented. No one person currently on staff there really understood the ramifications of segmenting or blocking certain machines from communicating and the cost per hour of downtime was very high for the business.
Scorpion used automated network mapping tools to get a basic understanding of the current layout of the systems. We put listener agents on the key servers that were targeted for isolation. These listeners recorded every unique box (IP address) that communicated with the server over the next 30 days. The results surprised the client with over 100 times the connections they anticipated. Scorpion then measured the bandwidth utilization in order to choose a right-sized firewall.
IP Addresses were reverse engineered, including dynamic IP address (DHCP) logs, to identify valid and invalid users. We built in a fail-safe firewall bypass network switch in case we rapidly needed to circumvent the firewall after deployment. A completely new firewall approach was implemented greatly increasing network separation without causing any unscheduled business downtime.