- Home
- /
- Success stories
- /
- Cybersecurity
- /
- Conserve Italy
Success story
Verified quality and safety
in Conserve Italia.
Red Team Exercise ‘s service fully met the client’s needs. Together with deda tech specialists, a realistic attack simulation was put together , defining objectives, attack scenarios and initial vectors.
Recognized as one of the largest agro-industrial companies operating in Europe, Conserve Italia is an all-Italian member of Confcooperative (Confederazione Cooperative Italiane) that has positioned itself at the top of thecanning industry.
In more than four decades it has achieved an international dimension, with companies in France, Britain, Spain and Germany, focusing its mission and business strategy onItalian agriculture, to make the most of the agricultural products of its cooperative members and give consumers guarantees of quality and food safety.
Tech refresh of the entire infrastructure for Hana.
Cloud @home service implementation for Backup + training and DR plan implementation.
Red Team activities with Penetration Test service + Adding storage in Cloud@home service.
Implementation of Disaster Recovery as a Service (DraaS) and Desktop as a service (DaaS) services.
SCENARIO
Conserve sparked a need in the company: to challenge itself, testing the cybersecurity strategyProposal and solution
Simulate an action by a threat actor intent on compromising the entire enterprise information system.
Getting this activity started required a meeting with deda tech specialists and Conserve’s IT department, a key moment to fully understand the client’s needs and expectations. It was chosen to simulate an action by a threat actor with little information about the target, where the attacker once identified the company and carried out the timely reconnaissance activity from open sources on the company’s assets (people, processes, exposed services), is intent on compromising as deeply as possible the entire corporate information system. Using one or more carriers, such as applications exposed on the Internet. Thus, the Red Team had definite goals to achieve:
- Compromising backup, antivirus, virtualization and Database systems;
- Compromising production systems;
- Gaining privileged access to systems;
- Exfiltrating business data;
- Circumvent active safety systems.
Having signed the indemnity and performed the kickoff, the Red Team notified the staff identified in the engagement phase to make the client aware of the time window in which they are acting. The activity tested the skills of deda tech’s Red Team, which was faced with a well-organized and managed network security infrastructure. The Red Team, through the discovery of a little-known misconfiguration was able to breach the outer perimeter and obtain persistence on the compromised system. Subsequent operations followed by conveying all traffic by means of a dns tunnel and once the necessary accesses were obtained, the Red Team had to make its way through a very large and complex network. The scenario found prompted the team to attempt to reconstruct how the system administrator had designed the infrastructure, and only through experience and strong subject matter expertise was it able to compromise additional parts of the infrastructure itself. Two were the winning elements:
- The relationship of trust, established over the years, between Conserve Italia and deda tech.
- deda tech Red Team’s expertise and certifications that recognize them in the market.
We have been working hard on a proper defensive posture, feeling secure after so much work can be understandable, but when it comes to cyber you can never be secure enough, so we asked deda tech to perform an aggressive penetration test like a real attack.
Their work allowed us to better understand our hidden weaknesses and redefine a concrete strategy to improve our corporate security.
I am very pleased and satisfied with the work we did together for Conserve Italia.
Achievements
Given the speed with which attack methods change and evolve, it is important to conduct Red Team activity at least once a year.Having a robust cybersecurity infrastructure is important in a historical context where cyber attacks have become commonplace.
At the same time, being aware of the characteristics of one’s infrastructure and the risks to which it is exposed allows companies to really prepare for possible attacks, which is why an activity such as Penetration Test or Red Team Exercise becomes essential for a growing company.
Through these services, the customer can then experience an emergency situation by understanding how their infrastructure might react and how they should improve their posture to avoid substantial damage to the business.
Once the activity was completed, Conserve Italia’s Blue Team then met with deda tech’s Red Team and analyzed the release report together.
Specifically, the report describes exactly all the steps taken and commands executed during the activity so that the customer could fully understand how deda tech’s Offensive Security specialists were able to get into their infrastructure.
This confrontation was a key and highly formative moment on both sides because it allows customer side to understand their weaknesses, while vendor side to study and propose the best services to secure the systems of future customers as well.
The effectiveness of the service also undoubtedly comes from the mutual trust between deda tech and Conserve Italia, which fully embraced the recommendations provided by the Red Team (tools, programs, people) without which it would not have implemented the improvements to increase its corporate IT security. Conserve Italia has achieved its goals:
- Quantify the damage an intentional attacker is capable of bringing to the company;
- Test internal procedures for responding to a cyber attack;
- Test the capabilities of your Managed Detection and Response service;
- Know the improvements needed to increase corporate IT security.
Given the speed with which attack methods change and evolve, it is important to conduct Red Team activity at least once a year, changing scenarios and starting vectors, so as to unearth a possible improvement in their systems each time.
For this reason, Conserve will continue to work together with deda tech to be always ready to address new market needs and grow technologically as its business grows.