The Challenge
A large civic organization recently chose to move from vendor support to third-party support. Before making the transition, the organization had upgraded their Oracle Enterprise Business Suite (EBS) because Oracle Support was deprecating their previous software version. As with many such efforts, the individuals who performed the upgrade work were not the same as those handling the daily system management. The organization did not have the tools to perform a vulnerability assessment after the upgrade, to make sure best practices were followed.
Upon partnering with Spinnaker Support, the organization took advantage of our offer to perform a vulnerability assessment (valued at over $10,000) on the EBS system. After gathering the necessary information, we provided the organization with a Database and an Oracle E-Business Suite Vulnerability Security Assessment report. The report highlighted multiple findings, some of them were of greater concern than others. The most concerning vulnerability found was an incorrect external-node configuration that hackers often use.
The Approach
Spinnaker Support immediately provided the organization with a list of recommended actions that would solve the issue. Three weeks later, Spinnaker Support met with the client over a video-conference call to review the progress and discuss any further action. During the meeting, Spinnaker Support highlighted several high-risk issues that the organization had still not addressed, including improper setup of external nodes, firewall rules, and improper user responsibilities.
The client had not yet implemented the recommended actions when their system was compromised, less than a week later.
The Solution
After the attack, the client called upon Spinnaker Support’s Oracle experts for urgent assistance. We immediately went to work, analyzing the attack vector and then directly applying specific recommendations from the report to prevent further compromise.
Fortunately, the client already had a defense-in-depth strategy in place, and another layer of defense was able to prevent the export of their database information.
The Results
Spinnaker Support is a leading global provider of third-party support for Oracle E-Business Suite. Upon recognizing that system security should be among their top priorities, the client chose to use our consulting services to help implement most of the remaining configuration changes, ensuring their system is in congruence with best practices. They have also engaged us to upgrade a separate Oracle system, so that it aligns with their EBS version.
The client continues to recommend Spinnaker Support to other organizations that need technological assistance.