Penetration Testing Example
COMPANY: Enterprise event data warehouse software provider
INDUSTRY: Cyber Security
SOLUTION: Log adapters, parsers, preprocessors, senders.
TOOLS AND LANGUAGES: Python, Perl, C, proprietary event processing language, and SQL extensions.
SYSTEMS AND HARDWARE: HP Compliance Log Warehouse, Oracle, Windows, Unix.
STANDARDS AND REGULATIONS:
Sarbanes-Oxley (SOX), the Payment Card Industry (PCI) Data Security Standard (DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA).
The GeeksForLess Security Operations team was dedicated to a US-based financial services company but encountered challenges configuring the managed Security Information and Event Management (SIEM) system. Due to licensing restrictions, we could only customize the system with approval from the vendor. We presented a technical proposal to the software vendor, which it deemed valuable and applicable to other clients. As a result, the vendor hired GeeksForLess to perform custom integrations, implement new features, and undertake various development projects. Since then, the company has undergone several mergers and acquisitions, but GeeksForLess has remained its trusted software development partner for over a decade.
PREREQUISITES
Documentation
- Proprietary SIEM system installation, configuration, and upgrade guide
- Event collection guide (receivers, collectors, parsers, correlators)
- Log adapters creation guides (hardware and software specific)
- Event processing language developer’s guide
- SQL language extensions
TRANSITION
6 weeks
- Completed training and studying the documentation
- Developed new parsers
- Optimized several existing parsers
- Fixed several deployed custom parsers
- Established release cycle and upgrade procedures
STEADY-STATE OPERATIONS
- Developed over 30 custom parsers for various types of sources
- Created preprocessor scripts for log parsing optimization
- Set up lab environments (Windows, Unix, Oracle) for research and for testing new parsers
- Introduced functional test cases to test new builds nightly
- Created and updated documentation
- Provided professional services to customers (Tier 4 support, configuration, and problem investigation)
BENEFITS ACHIEVED
- Improved performance of the customers’ existing deployed systems
- Enhanced functionality and richness of data collected by the existing customer instances by customizing the parsers and preprocessors
- Increased the stability of the core product
- Improved test coverage of the system
- Decreased time to market for the new parsers and preprocessors
- Reduced the costs of R&D