Across systems, applications, networks, & mobile devices, TDI provided risk & vulnerability management to scores of the IMF’s IT assets.
The services TDI provided IMF span a number of different knowledge domains, however, at their core is the goal to identify and remediate vulnerabilities. Some of those relevant services include server build assessment, network and application vulnerability assessments, penetration tests, and vulnerability remediation. Those services combined automated and manual approaches for vulnerability management.
Since 2010, TDI had been tasked with performing full application assessments and penetration tests for a significant number of IMF web applications and network components. The vulnerability assessments for those applications were conducted under extremely aggressive schedule constraints with very tight deadlines. TDI worked around the clock to accommodate the deployment requirements and ensure the web applications could secure all IMF clients around the world, including the visitors for the annual summit meetings scheduled each September. Several project managers expressed their satisfaction with quality and timeliness of TDI‘s work and recommended TDI for future efforts. In addition, TDI performed several IMF-wide penetration tests including on the entire internal network infrastructure. The penetration tests identified high risk vulnerabilities not discovered by previous vendors and led to over a 30% reduction of the public vulnerability profile of IMF.
TDI performed a wireless assessment as part of our regular penetration testing activities at IMF. The effort included discovering rogue access points, assessing security of confidentiality and authentication of valid wireless nodes, spoofing of valid nodes, brute force encryption cracking, etc. As a result of our efforts, IMF changed one of its security policies and also provided training materials while updating its configuration policies to improve encryption security.
Based on our application assessment and penetration testing work, TDI was recommended to a group within IMF as a knowledgeable vendor of vulnerability remediation service. Our knowledge of the Windows environment and .NET stacks was one of the crucial qualification requirements that convinced a project manager there to select TDI for the effort. As part of the vulnerability remediation effort TDI provided expert secure code reviews and vulnerability confirmation services. For every confirmed vulnerability TDI also researched the best solution and provided detailed recommendations on how to implement the fix. The IMF provided commendations for TDI‘s efforts to the CIO of IMF, while one of the application project managers provided written commendation for one of our engineers providing secure code review and vulnerability remediation services.
TDI also provided a large spectrum of cybersecurity services to the IMF for vulnerability remediation and secure code review. TDI performed an infrastructure assessment in the form of a server build assessment for IMF‘s RedHat and Windows Server images. The images were developed by IMF as the templates for subsequent deployments – responsible for all internal and external web applications, file sharing, and database systems. TDI assessed external vulnerabilities as well as any configuration security issues.
TDI’s support of the IMF provided us with a unique insight into the technological challenges facing them, the security risks associated with those challenges, and the multi-faceted approach that is required to meet them.