The Customer is a global leader in the elevator and escalator industry, with headquarters in Finland and offices in more than 60 countries around the world, serving over 500,000 customers. The Customer manufactures, installs and maintains elevators, escalators and automatic building doors. The Customer is a large multinational with over 57,000 employees spread globally.
WATI Helps Strengthen Network & Infrastructure Security
Customer Introduction
Problem
The Customer wanted to get one of their products – a 41-floor elevator system – to be tested for security vulnerabilities in firmware and hardware. Being a critical infrastructure used by large number of people on daily basis, the Customer needed to establish absolutely foolproof security standards. In this instance, the firmware and infrastructure security were considered more critical, although it also involved a Web Application.
Solution
WATI deployed a team of six certified cybersecurity experts that worked on this project. After the initial knowledge transfer on the working of elevators from the Customer, WATI carried out an exhaustive security audit of the control and security mechanism aspects. It included penetration testing of the Customer’s firmware and infrastructure using industry leading methodologies from Firmware Security Testing Methodology (FSTM), Open Web Application Security Project (OWASP), and SANS. WATI prepared a comprehensive Security Audit Report (SAR) listing the identified vulnerabilities and also ranking them on a degree of severity to help Customer prioritize remediation.
WATI trained the Customer on different security perspectives, imparting them knowledge on the various prospective attacks that could happen on their network and infrastructure security. WATI also offered advisory services on the development and design phases of the network and infrastructure security framework.
Benefits
The Customer could always stay alert and avoid potential attacks on their network and infrastructure security framework because of the knowledge of various types of cyberattacks imparted to them by WATI. The unauthenticated issues related to upgrade and downgrade of firmware were also sorted out and the Customer gained good knowledge of design aspects related to control and security framework, which stood them in good stead in the long run.