When one of Europe’s largest seaports needed help securing its vast IT infrastructure
“Because it offers continuous, automated protection, security issues that would normally take dozens of manual steps to discover are surfaced almost instantaneously. We have historically been compelled to focus pen tests on non-critical areas of infrastructure, as the risk of collateral damage-related downtime was too great. Thanks to XM Cyber’s automated testing, this problem was solved, and protection was extended across the entire infrastructure.”
(CEO, Hamburg Port Authority)
The Challenges of Finding and Fixing
The port of Hamburg, Germany is much like a small city, teeming with commercial activity. The task of managing this bustling operation falls to the Hamburg Port Authority (HPA), a local governmental agency that manages all harbor-related infrastructure for the city of Hamburg. This includes streets and bridges, railways and water infrastructure.
Given this large mandate, the IT infrastructure the HPA relies upon to manage port operations safely and securely is substantial. This infrastructure includes 350 kilometers of fiber cable, 850 routers and switches, 500 servers in two data centers (95% virtualized) and thousands of computers and smartphones running more than 600 applications. All this activity occurs over 63 separate locations with hundreds of operated IT devices.
The Challenge of Managing Port Infrastructure
When HPA IT managers reviewed the full scope of their environment, they realized that conditions on the ground had created some demanding security challenges to overcome. More than 100 local administrators were in the field and service providers were managing applications without support, or follow-up, from administrators. Additionally, not every application had an owner responsible for its security or lifecycle management.
Complicating matters further, the flat network structure being used was focused on performance and flexibility, rather than security. HPA workers, for their part, were not optimally aware of best security practices. They had concerns about exposures from across their network that were not identified by existing security controls.
After running XM Cyber’s industry-leading Attack Path Management Platform, HPA leaders identified several issues. Developer machines had unsecured databases; write access was discovered on shared folders containing
PS-scripts; patches that had been previously reported as installed were, in fact, missing. Test machines were left unsecured. The results of the initial work with XM Cyber showed administrators a more complete view of their overall security posture. Work to make port infrastructure more secure began immediately.
HPA leaders decided to formalize their relationship with XM Cyber, using its Attack Path Management Platform to help address security issues on a day-by-day basis.
After fully implementing XM Cyber in October 2019, HPA leaders began an ongoing process of continuously resolving vulnerabilities. Upon completion of each remedial task, HPA’s IT team validated the success of the remediation again using XM Cyber. In cases HPA was not sure about the best way to solve the issues, XM Cyber’s professional services team would help analyze and find the best possible solution.
Domain credential issues proved to be one of the most significant security challenges to overcome. Credential re-use and missing admin tier levels made it easy for the attacker to pivot quietly across the environment, making it the most significant security issue within the port’s IT infrastructure. XM Cyber identified this issue multiple times due to the platform’s attack-centric risk analysis. To address this, HPA IT leaders reduced the number of domain admins and streamlined the use of different accounts for separate needs.
In addition to these challenges, HPA IT leaders were supporting a large technology stack and working with international communities with no standards for collaboration. Standards that did exist were quickly outdated, thanks to fast-changing requirements.
Given the breadth of these challenges, HPA IT leaders decided to engage XM Cyber to identify where port IT infrastructure was vulnerable, then remediate any security gaps that were uncovered.
The Hamburg Port Authority
- The third-largest seaport in Europe
- Second busiest container port in Europe
- A key trade lane connecting Eastern Europe to the rest of the world
- Provides more than 150,000 jobs
- Processes more than 135 million tons of cargo
- Annual 9 million TEU capacity to double by 2025
Working Toward a More Secure Future with XM Cyber
With XM Cyber technology, HPA leaders were able to gain much deeper visibility into vulnerabilities and changes across their entire IT infrastructure. Because XM Cyber solves the issue of prioritization by using real data to contextualize exploits, as well as offering continuous, automated protection, security issues that would normally take dozens of manual steps to discover are surfaced almost instantaneously.
Additionally, because XM Cyber’s risk-free attack simulations occur in production, HPA leaders could run tests with no possibility of disruption – a critical attribute in port operations, where one small error can have profound real-world repercussions.
XM Cyber is the global leader in Attack Path Management that closes gaps in cloud and physical network security. Customers can rapidly identify and respond to cyber risks affecting their business-sensitive systems because the platform continuously calculates every potential attack path. Detailed remediation options are prioritized based on the potential impact, including exploitable vulnerabilities and credentials, misconfigurations, and user activities. XM Cyber eliminates 99% of its customer’s cyber risk by focusing IT and security operations on the one percent that represents the greatest threat.