Careful
Security

Compliancy For The Gaming Industry

Compliancy for the Gaming Industry

What was the problem/objective?

This company had a lot of online games that were forgotten with the tide of the times. The studios that developed the games had moved on. No-one how to support and maintain these games. Yet these games and sites being still available online meant that they could potentially be a pathway to the company’s internal assets.

What was the solution?

Conducted a thorough scan of the entire perimeter and discovered quite a few sites that had security vulnerabilities and could be exploited as an entry point into the company’s internal network. Went about methodically finding security holes, remediating the vulnerabilities, analyzing traffic logs, and closing down inactive sites.

What are some of the other benefits?

The external attack surface was reduced significantly and the company was able to save unnecessary resources being consumed by these inactive sites.

What was the problem/objective?

Each studio worked in its own silo and the company lacked a centralized architecture framework. They also didn’t follow a consistent secure SDLC process for developing and testing games.

What was the solution?

Created a centralized security architecture framework for managing identity and backend resources and gradually migrated each studio to these centralized platforms. Conducted threat modeling, static code analysis, and penetration testing before the games were deployed to production.

What are some of the other benefits?

A standardized and consistent architecture helped improve security and maintenance efforts. Going through a secure SDLC process helped identify security weaknesses early on in the process.

What was the problem/objective?

The company was processing financial transactions and had to beef up its infrastructure to be PCI compliant.

What was the solution?

Went through the PCI requirements checklist to ensure all the requirements were being met with respect to network segregation, encryption of card information, and having file integrity monitoring checks. Other detective and preventative controls were also established. Conducted a penetration testing of the PCI environment to simulate hacker behavior.

What are some of the other benefits?

The company was able to build a securely configured, access restricted PCI compliant environment isolated from the rest of the network, with specialized security controls to monitor and prevent intrusion attempts.

Contact us for a free consultation on your current security posture!