Across systems, applications, networks, & mobile devices, TDI provided risk & vulnerability management to scores of the IMF’s IT assets.

The services TDI provided IMF span a number of different knowledge domains, however, at their core is the goal to identify and remediate vulnerabilities. Some of those relevant services include server build assessment, network and application vulnerability assessments, penetration tests, and vulnerability remediation. Those services combined automated and manual approaches for vulnerability management.

Since 2010, TDI had been tasked with performing full application assessments and penetration tests for a significant number of IMF web applications and network components. The vulnerability assessments for those applications were conducted under extremely aggressive schedule constraints with very tight deadlines. TDI worked around the clock to accommodate the deployment requirements and ensure the web applications could secure all IMF clients around the world, including the visitors for the annual summit meetings scheduled each September. Several project managers expressed their satisfaction with quality and timeliness of TDI‘s work and recommended TDI for future efforts. In addition, TDI performed several IMF-wide penetration tests including on the entire internal network infrastructure. The penetration tests identified high risk vulnerabilities not discovered by previous vendors and led to over a 30% reduction of the public vulnerability profile of IMF.

TDI performed a wireless assessment as part of our regular penetration testing activities at IMF. The effort included discovering rogue access points, assessing security of confidentiality and authentication of valid wireless nodes, spoofing of valid nodes, brute force encryption cracking, etc. As a result of our efforts, IMF changed one of its security policies and also provided training materials while updating its configuration policies to improve encryption security.

Based on our application assessment and penetration testing work, TDI was recommended to a group within IMF as a knowledgeable vendor of vulnerability remediation service. Our knowledge of the Windows environment and .NET stacks was one of the crucial qualification requirements that convinced a project manager there to select TDI for the effort. As part of the vulnerability remediation effort TDI provided expert secure code reviews and vulnerability confirmation services. For every confirmed vulnerability TDI also researched the best solution and provided detailed recommendations on how to implement the fix. The IMF provided commendations for TDI‘s efforts to the CIO of IMF, while one of the application project managers provided written commendation for one of our engineers providing secure code review and vulnerability remediation services.

TDI also provided a large spectrum of cybersecurity services to the IMF for vulnerability remediation and secure code review. TDI performed an infrastructure assessment in the form of a server build assessment for IMF‘s RedHat and Windows Server images. The images were developed by IMF as the templates for subsequent deployments – responsible for all internal and external web applications, file sharing, and database systems. TDI assessed external vulnerabilities as well as any configuration security issues.

TDI’s support of the IMF provided us with a unique insight into the technological challenges facing them, the security risks associated with those challenges, and the multi-faceted approach that is required to meet them.

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
TDI provided years of cybersecurity direction & counsel to the DEA’s execs

From technology to process to people, TDI examined every DEA cybersecurity element & directly advised the CTO & DEA Administrator on how to better their organization. Then we stayed to help them do so.
Monster calls on TDI to support its cyber requirements and scare away risk

As Monster’s cybersecurity partner for over a decade, TDI helped Monster navigate the difficult waters of Federal compliance by conducting A&A & other cyber efforts delivering roadmaps to protection
Shipping out the bad & bringing in the good for the Export-Import Bank

TDI advised the Export-Import Bank of the U.S. on their architecture along with practices for performing SAS 70 audits producing measurable impacts on the cost effectiveness of their IT audit function.

nSights Report


X