Secure Data Collaboration, Microsoft 365 Security   Return to list of Case Studies

Infracore performs comprehensive security audit and penetration testing to validate cybersecurity readiness for therapeutics company
The Executive leadership team of a therapeutics company were concerned about news of cyber attacks and data breaches, and wanted confirmation that their IT systems were secure against attacks. Infracore performed a comprehensive security audit, including configuration analysis, comprehensive vulnerability scanning and penetration testing. Infracore provided documentation on all findings in a graded report.

Business Needs and Challenges:

The client's needs were clearly defined:
  • Perform vulnerability scanning of company's internal and public-facing IT assets, as well as penetration testing.
  • Grade and report on cybersecurity readiness.


Infracore deployed its comprehensive cybersecurity audit process. The audit performed a deep analysis of the client’s security posture, including:
    • Perform a “deep dive” configuration audit of the client’s Microsoft 365 environment
    • Conduct a configuration audit of network devices, including firewalls and switches
  • Review policies and procedures pertaining to:
    • IT software and hardware inventory
    • Account creation and termination
    • Security permission granting and revocation
    • Software and system patching
    • Data backup and recovery
    • Vulnerability management
    • Endpoint malware detection and management
    • Password and multi-factor authentication
    • Acceptable use of IT systems
  • Audit permissions on the client’s file shares and Teams sites against business needs
  • Audit Active Directory
  • Perform a vulnerability scan and analysis on all client network subnets
  • Review physical security for sensitive data and systems
  • Penetration testing of the client’s externally accessible systems
  • Review the client’s cybersecurity training program
Infracore compiled a comprehensive report using the results of the configuration audits, vulnerability scan, penetration test results, and auditor’s observations of the establishment of and adherence to IT policies and procedures. The report provided the client with a list of observed risks, as well as a grounded assessment of the likelihood and impact of materialized issues. An overall letter-grade (A through F) was assigned, based on how easily their information systems could be compromised based on the observed vulnerabilities. More than 20 recommendations to help improve the client’s security posture were included, along with the estimated effort level, impact to existing operations, and costs.

End Results:

Armed with this information, the client’s executive team was able to easily understand the strengths and weaknesses in their IT security posture, and were able to make informed decisions about where, when, and how best to remediate risks.  
      Links to other Case Studies: Life Sciences Medical Devices Biotech Pharmaceutical Software Property Management