Aurora Performs Comprehensive Security Analysis at Stericycle
• Wanted to detect any weaknesses in company’s internal architecture
• Needed to enhance the security architecture of IT infrastructure
• Needed to assess vulnerability in externally available systems
• Wanted to develop a problem resolution matrix
• Contacted Aurora
• Thorough security assessment completed in both national and international facilities
• All issues detected in assessment now remediated
“It worked out really well. I was very happy with their work.”
–Sheri Bardin, Stericyle
Based in Lake Forest, Illinois, Stericycle is a business services company that specializes in protecting people and reducing risk.
Stericycle works with companies in a wide array of industries to improve employee and customer safety, ensure regulatory compliance, safely dispose of regulated materials, and manage corporate and personal risk. The company operates in the U.S., United Kingdom, Ireland, Canada, Mexico, Argentina, Chile, Romania and Portugal, and they continue to pursue opportunities to enter new countries and offer new services.
A company devoted to the protection of their clients must naturally be concerned with their own security and protection, especially in the area of securing client data and communication. That is why Stericycle conducts an annual assessment to detect and resolve any problems.
“Over the years we’ve used a different company each year to get fresh eyes on our network,” said Sheri Bardin, Stericyle’s IT Security Manager in southern California. “This includes having all of our external IP addresses scanned, and a sampling of our internal addresses as well. We’re not looking for anything specific,just any noticeable issues so we can resolve them and help secure our network.”
For the most recent security assessment of its national and international facilities, Bardin contacted Aurora. The company performed an automated and manual network assessment to identify potential security vulnerabilities within specified IPs, to look at the data communications controls, and to assess the processes and procedures in place around vulnerability management. The evaluation focused on vulnerability assessment, host security, patch management and policies and procedures review.
“Our process helps to determine the extent to which an enterprise may be vulnerable to scan for potential risks from internal and external threats” said Gary Bahadur, Manager of Security Services at Aurora.”Our services afford a swift, proficient, and non-disruptive assessment of the security of information assets, communications, and control infrastructure.”
Vulnerability scans were conducted to highlight weaknesses in network level security. Aurora utilized a combination of multiple security industry tools, utilities and methodologies to review all potential points of security failure. To determine the current state of Stericycle’s operational security architecture, Aurora also reviewed a number of key security policies to expose any gaps in security operations.
“Based on our analysis, we were then able to suggest recommendations for enhancements to help reduce the level of acceptable risk,” Bahadur said.
“The companies we used in the past have come onsite to do their scanning and testing. One of the things that was different with Aurora is they did everything remotely,” Bardin said. “I was unsure of how that was going to work, but it worked out really well. I was very happy with their work.”
Remote analysis also made it easier to conduct security assessments in Stericycle facilities outside the United States. “We had them test one facility in Mexico and one in Argentina,” Bardin explained. “They needed external access to a server at each site. There was a communication gap, but they were very tenacious, and were able to get their testing results completed and gather the data that they needed. I was very impressed with their due diligence.”
The benefits of offsite analysis were further illuminated after an incident with a different security firm that Bardin assumed was locally owned and operated. “It turns out their security engineers were from North Carolina, so I received a bill for their hotel rooms, their food and rental car, which came to a couple of thousand dollars,” she recalls. “And that was above and beyond the fee they charged for the security assessment.”
Aurora provided Stericycle with a comprehensive report on their findings, along with suggested guidelines on how to address any issues. “Everything they found we have already remediated,” said Bardin, who has already suggested to another Stericycle facility that they contact Aurora for their security needs.