Dolce Vita IT Solutions is continuing to work with an Oklahoma HR benefits company to harden their cyber security. In addition to the typical cyber measures both vulnerability scanning and third-party penetration testing (pentesting) have been used to nearly double their SCAP Compliance Checker score (SCC) and reduce the attack surface area of the client’s cloud-based server infrastructure.

SCC vulnerability scanning is run on a quarterly basis on their servers, including their cloud desktops. This has served to bring to light Windows policies which could be adjusted to reduce risk to data…this has acted to improve their Windows 2022 SCAP score from 48% to 92%.

Third-party penetration testing is used to detect potentially exploitable vulnerabilities…in this particular case the servers (which were in a SOC2 compliant environment) were found to have some weaknesses which were unexpected, specifically with authentication and data encryption in their environment. With the Dolce Vita pentesting the scans are run periodically (usually 3-4 times per year). While hardening efforts are ongoing the client (and their compliance auditors) are seeing specific and targeted progress. Because the client is pursuing cyber liability insurance, this program will not only reduce their business risk, but is likely to reduce their premiums!