Industry: Insurance & Investment Management
Solution Type: Security Detection before Audit
Needs: This company was very confident in their detection capabilities because of tests run previously by other security firms. This company needed further validation, before an audit, of its new cybersecurity detection and incident response capabilities. They wanted a test that went beyond traditional pen tests / vulnerability scans, something that seemed more like the real-world motions of an advanced attacker.
The client engaged us to perform a Black Box penetration test (only the CISO knew of the test), an advanced adversarial attack simulation designed to stealthily penetrate the customer's technical and physical security controls. Our team used security and cloud infrastructure skills to create non-traditional attack vectors.
At the end of the day
Our Testing Team was able to remain undetected for 3 weeks, where previous security companies were detected within hours. As a result of this project, the customer now has 17 unique information security findings that have been identified and rated through our proprietary risk rating and risk classification scale. Our Testing Team's successful phishing campaign exposed a control failure. Our Team was able to gain access to the physical building and to sensitive networked data, which resulted in multiple actionable security findings.