Security Assessment

31 Security Findings at a Regional Wholesale Distributor: Retail Audit Passed in 4 Weeks

A regional wholesale distributor supplying major retail chains had never undergone a formal security review. garrisonOne conducted a four-week assessment that uncovered a flat IT/OT network, 12 active vendor accounts with remote access, and internet-exposed RDP, and helped them pass a mandatory retail chain security audit.

  • 31 security findings identified
  • 11 critical & high severity findings
  • 12 inactive vendor accounts removed
  • 4 weeks full assessment duration

The challenge

An 85-person distributor operating two warehouses with no formal security controls

The company had been operating across two warehouse sites in the Mid-Atlantic for over a decade. IT infrastructure had grown organically alongside the business: systems added as needed, vendor remote access granted and never reviewed, and no one with a defined security responsibility on staff. A major retail chain partner announced a mandatory vendor security questionnaire with a hard deadline, and the operations team had no baseline to work from.

Beyond the audit pressure, the underlying risk was real. Warehouse management systems and office IT shared the same flat network: a compromise on either side could spread without restriction. Legacy Windows machines running on the warehouse floor had no endpoint protection, and remote desktop was exposed directly to the internet across both sites. The company had been operating on trust and good fortune rather than controls.

  • Flat IT/OT network, no segmentation. Warehouse management systems and office infrastructure on a single flat network with no separation.
  • 12 inactive vendor accounts with remote access. Former vendors and contractors retained active credentials and VPN access years after engagements ended.
  • RDP exposed to the public internet. Remote desktop enabled and directly internet-accessible across both warehouse sites.
  • No endpoint protection on warehouse machines. Legacy Windows 7 machines on the warehouse floor running without antivirus or EDR of any kind.
  • On-site only backup, no offsite or cloud copy. All backup data stored in the same physical location: a fire or ransomware event would destroy both.
  • No security awareness training. Staff had received no phishing training or security guidance; social engineering risk was unaddressed.

Our findings

What the four-week assessment uncovered

garrisonOne conducted an on-site visit to both warehouse locations combined with remote technical review of network architecture, identity management, endpoint configuration, and remote access controls. All findings were mapped against the retail chain's vendor security questionnaire requirements.

  • 31 total security findings across network, identity, endpoint, and data protection layers
  • 11 critical and high findings, 6 requiring immediate remediation before audit submission
  • 12 active vendor accounts with VPN access that had not been used in over 12 months
  • 2 warehouse sites with RDP directly accessible from the public internet: no VPN, no MFA

Internet-exposed RDP was the single most critical finding. Brute-force attacks against RDP are automated and constant: within hours of exposure, login attempts from known threat actor IP ranges are typical. Combined with no MFA and shared local administrator credentials across both sites, successful compromise would have given an attacker full access to both warehouse networks with no detection capability in place.


What we did

A five-phase assessment covering network, access, and compliance readiness

Structured both to support the retail audit deadline and to build a durable security baseline the team could maintain without ongoing external support.

We prioritised the six findings most likely to block the retail audit and addressed those in parallel with the broader assessment, so the client could submit their questionnaire response while the full programme continued.

Phase 1: Environment & Network Mapping
On-site visits to both warehouse locations to map the physical and logical network architecture. Documented all systems, devices, network segments, and external connectivity. Identified the flat IT/OT topology and all points of internet exposure including RDP, legacy firewall rules, and unmonitored ports.

Phase 2: Vendor Access Audit
Reviewed all VPN, RDP, and remote access accounts against current vendor and contractor records. Identified 12 accounts belonging to vendors whose engagements had ended, some as far back as three years prior. Documented access scope, last login dates, and credential status for each account before removal.

Phase 3: Risk Scoring & Immediate Remediation
Scored all 31 findings by likelihood and impact. The six audit-blocking findings were addressed immediately in collaboration with the client's IT contact: RDP access was placed behind a VPN, all 12 inactive vendor accounts were disabled, and internet-facing firewall rules were tightened. All changes were documented for audit evidence.

Phase 4: Audit Documentation & Questionnaire Support
Mapped the remaining findings and current controls against the retail chain's vendor security questionnaire. Prepared written responses, supported by evidence screenshots and network diagrams, for all applicable questionnaire sections. Guided the client through the submission process and responded to follow-up questions from the retail chain's security team.

Phase 5: Remediation Roadmap & Quarterly Plan
Delivered a full findings report and a quarterly remediation roadmap covering all 31 findings. Prioritised network segmentation, endpoint protection deployment, cloud backup implementation, and a basic security awareness training programme as the four highest-impact long-term investments for the organisation.
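
The Phase 2 cross-check, sketched as an added example (not garrisonOne's tooling or code from the engagement): it compares a remote-access account export against the current vendor roster and flags enabled accounts whose vendor is no longer engaged or whose last login is more than 12 months old. The CSV column names, account names, vendors and dates are constructed for illustration.

```python
import csv
import io
from datetime import date

STALE_AFTER_DAYS = 365  # threshold from the assessment: unused for over 12 months

# Constructed sample exports; the column names are assumptions, not a product schema.
ACCOUNTS_CSV = """account,vendor,access,last_login,enabled
vpn-acme-01,Acme Conveyors,VPN,2021-03-14,true
vpn-north-02,Northside HVAC,VPN+RDP,2024-05-30,true
vpn-oldit-03,Legacy IT Services,VPN,,true
vpn-acme-02,Acme Conveyors,VPN,2020-11-02,false
"""
ROSTER_CSV = """vendor,contract_end
Northside HVAC,
Acme Conveyors,2021-06-30
"""

def load_roster(text):
    """Map vendor name -> contract end date (None means open-ended)."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["vendor"].strip().lower():
            date.fromisoformat(r["contract_end"]) if r["contract_end"] else None
            for r in rows}

def audit_accounts(accounts_text, roster_text, today):
    """Return (account, reasons) for each enabled account that needs review."""
    roster = load_roster(roster_text)
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled: stays in the audit log, not a finding
        reasons = []
        vendor = row["vendor"].strip().lower()
        if vendor not in roster:
            reasons.append("vendor not on current roster")
        elif roster[vendor] is not None and roster[vendor] < today:
            reasons.append(f"contract ended {roster[vendor]}")
        last = row["last_login"].strip()
        if not last:
            reasons.append("never logged in")
        elif (today - date.fromisoformat(last)).days > STALE_AFTER_DAYS:
            reasons.append(f"last login {last}")
        if reasons:
            findings.append((row["account"], reasons))
    return findings

if __name__ == "__main__":
    for account, reasons in audit_accounts(ACCOUNTS_CSV, ROSTER_CSV, date(2024, 7, 1)):
        print(f"{account}: disable after review ({'; '.join(reasons)})")
```

Recording the reasons alongside each account gives the same evidence trail the audit log deliverable describes: why the account was flagged and when it was last used.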

Key deliverables

  • Security assessment report: all 31 findings with severity ratings, evidence documentation, and remediation guidance
  • Vendor access audit log: all 12 inactive accounts documented with last login dates and removal evidence
  • Retail chain vendor security questionnaire: completed responses with supporting evidence for all applicable controls
  • Network architecture diagram: current state and recommended future state with IT/OT segmentation design
  • Quarterly remediation roadmap: phased plan covering all 31 findings mapped to effort level and business impact
  • Cloud backup implementation guide and endpoint protection deployment recommendations for warehouse floor systems

Outcomes

Retail audit passed, and a real security baseline established for the first time

The retail chain vendor audit was passed within the deadline. The client submitted their questionnaire with supporting evidence, received approval from the retail chain's security team, and retained the supply contract. Beyond the audit, the immediate remediation actions addressed the most critical operational risks the company had been carrying unknowingly for years.

  • Passed: retail chain vendor security audit. Questionnaire submitted with full evidence support; supply contract retained.
  • Zero: internet-exposed RDP. Remote desktop moved behind VPN with MFA; no longer directly accessible from the public internet.
  • 31: findings tracked with a remediation plan. Every gap documented, scored, and assigned to a quarterly remediation phase.
  • Active: cloud backup added alongside on-site copy. Critical business data now replicated off-site; ransomware and physical disaster risk significantly reduced.
  • Quarterly: security roadmap in place. Structured plan covering remaining 25 findings, executable by internal IT without further external dependency.

"We had two weeks to respond to the retail chain or risk losing the contract. garrisonOne came in, identified what needed to be fixed immediately, helped us fix it, and got us through the audit. The fact that we also walked away with a proper security roadmap was a bonus we hadn't expected."

Director of Operations, Regional Wholesale Distributor
