A multinational pharma company has IT infrastructure spread across 3 time zones. In their new branch in a specific time zone the NTP service is not enabled. Things were running smoothly and there was downtime due a cyber attack in that branch. The management has initiated an investigation and the investigators demanded logs of all network devices. It was discovered the timestamps on some devices  were wrong and not in sync with the local time zone. The logs did not make any sense due to chaotic time stamps. The investigation hit a major roadblock due to incoherent time stamps caused by non-enablement of time NTP service. The administrator was counting on manual configuration of time zones leaving room for human and device errors. 

 

In another branch of the same company in a different time zone. Fortunately here the IT head got the NTP service activated but did not ensure NTP authentication was mandated between the NTP server and the network devices. After a couple of months there was a cyber attack and the management initiated an investigation.   In this case the investigators found logs accurate but  a clogging attack occurred dislodging time accuracy by overloading,  the root cause established to be non-enabling of NTP authentication.  

 

In the third branch of the same company in a different time zone, the IT head was running two networks and fortunately subscribed to SPARK. The head of  IT department ran SPARK scans regularly and got two alerts stating that  on one network he did not activate the NTP and on another he activated NTP but failed to enable the  authentication from NTP server to devices. The head of IT fixed the issues on both the networks and thus  averted potential attacks from such vulnerabilities.