Sheppard Mullin 'Locks Down' Security Risks with the InfoPlusĀ® Security Audit
June 12, 2012
When Sheppard Mullin Richter & Hampton, an international law firm with over 500 attorneys on staff, recently encountered a potential dialing 'hack' on their Avaya Communications Manager, they immediately turned to their Avaya Business Partner, Windstream, for assistance. Windstream knew that an InfoPlus Security Audit would satisfy their customer's need to quickly analyze the current threat, as well as provide a system programming analysis that would help prevent future risks.
It was clear that the Sheppard Mullin Avaya CM system was the target of a computer-generated dialing attack that started on a Saturday evening at 8:09 P.M. The following Monday morning, the intrusion was detected during a CDR review of the weekend activity. The records indicated that the main number was being dialed every minute with no caller ID information.
The system programming concerns were twofold: that this intrusion did not lead to toll fraud abuse, and more importantly, that there was no unauthorized access to the system that would in any way compromise business operations. Not knowing for sure the nature of this hack, Sheppard Mullin needed a way to analyze the system quickly to evaluate login credentials and all other associated programming that might be used to access external trunks.
In InfoPlus Security Audit was considered to be the very best strategy to accomplish these goals. That same evening, InfoPlus polled the CM and obtained all the files necessary to produce a full-blown Security Audit, which was delivered the next day. The InfoPlus Security Audit provided a thorough analysis of those critical features requiring evaluation and allowed Sheppard Mullin to quickly address those areas that were not utilizing Avaya's Best Practice recommendations.
Read the full Sheppard Mullin story here.