A Fashion Commerce Leader - Ensuring Endpoint Security

Introduction

Our client, a publicly listed company with one of the largest fashion ecommerce networks globally, is one of the globally recognized fashion ecommerce enterprises.

Challenge

Our client, one of the globally leading fashion e-commerce destinations, provides shopping services worldwide. It was essential for the client to ensure the safety of the sensitive data and personally identifiable information (PII) of the millions of users trusting the service.

The client had undergone various security audits by top-of-the-line onshore and offshore security providers. The project was allotted to SecurityEscape to ensure endpoint protection and end-to-end safety of the client's IT infrastructure. Identifying any potential vulnerability was a major challenge: the client had undergone many security audits prior to engaging with SecurityEscape, the audit timeline was 20 days, and the client provided no technical backend or endpoint details.

The Solution

Using SecurityEscape's expert-driven strategic manual auditing and its powerful cloud scanner with integrated artificial intelligence technology, the complete online infrastructure was audited, and many potentially harmful vulnerabilities were identified in the first phase of the audit cycle.

After the first manual security review, our powerful artificial intelligence based real-time scanner was used to closely monitor the application's security and to collect intensive data, which the consultants used in later stages of the manual security audit to identify more security threats.

First Cycle of Engagement

During this period, an initial audit report was delivered covering 8 high-impact vulnerabilities, including issues capable of manipulating controls and data of all users across the website. The deliverable report, with an executive presentation, was customised to match the client's working environment.

  • Understanding & Mapping Complete Application Architecture
  • Identifying Every Potential Security Vulnerability Affecting Any Endpoint
  • Ensuring End-to-End Encryption of Sensitive Data Stored or Transmitted
  • Hardening Access Controls Throughout the Application Infrastructure
  • Recommending & Implementing Best Security Practices
  • Compliance Auditing & Reporting

Post Auditing Scenario

SecurityEscape delivers enterprise-grade, cross-platform managed security services focused on protecting your brand from constantly emerging security risks and increasingly sophisticated modern threats. Dedicated to reducing cost and time, our managed security services give you secure, efficient and sustainable compliance management, vulnerability assessments and remediation, expert-driven penetration tests, data security and protection, endpoint protection and security event management.

SecurityEscape uses its powerful SaaS-based vulnerability management system for effective collaboration across its managed security services, giving organizations real-time, result-driven reports with actionable insights and enterprise-class scalability.

On completion of the manual audit engagement, our client opted to continue using SecurityEscape's managed security services annually and half-yearly, based on the backend code updates made by the client.

Conclusions

SecurityEscape was successful in greatly reducing the risks to the client's IT infrastructure and eliminating every identified threat by working closely with the client's DevOps team. Some key highlights of this project are:

  • The client processes massive volumes of sensitive data belonging to 1 million plus active users, e.g. sensitive user details, address details, billing and order history, and personally identifiable information (e.g. mobile number, email address, DOB).
  • SecurityEscape has ensured the security of each parameter through which data is exchanged.
  • Our scanner plays a significant role in actively scanning these assets, helping the security experts internally monitor regular updates to the applications in production during the audit phase.