A grocery store client was looking to verify the security of their internal systems and validate the effectiveness of their IT operations through scanning of their internal network and systems to identify missing operating system patches, missing third-party application patches, and misconfigured security settings.
Baker Tilly deployed a virtual scanning appliance on the client's network and began to scan for active systems and services on the network. Once the team identified the active systems and services, they performed vulnerability scanning utilizing both credentialed and non-credentialed methods. This level of testing allowed the team to identify various missing security patches at the operating system and application level, while also identifying firmware upgrades required for internal networking devices.
The client utilized Baker Tilly's results to enhance some of their own internal IT practices, and develop more robust asset management and vulnerability management processes.