SERVICES: External Attack and Penetration Assessment
Several months ago, a manufacturer’s product line drew the attention of a hacker collective, leading to a breach of the company’s externally facing website. Both employee and customer information was stolen during the attack, which became public record. Due to the resulting negative effects and publicity, the company has made information security a much higher priority and has been taking serious steps to reduce its risk level. It recently contracted SecureState’s Profiling Team to ensure these steps were headed in the right direction. The Profiling Team conducted an External Attack and Penetration Assessment. An Attack and Penetration Assessment attempts to breach the target as an unauthorized user with varying levels of access. This is sometimes referred to as “red teaming” or “ethical hacking.”
Why this Engagement was Interesting
The most interesting thing about this engagement was really the company’s products and the circumstance that brought us there. The company had a really small services footprint, and its external website was hosted externally. For that reason, it hadn’t given much consideration to information security in the past. However, it quickly learned that when skilled and dedicated hackers decide to focus their efforts on a target that has not taken the necessary countermeasures, a breach is inevitable.
The engagement itself was fairly routine. SecureState attacked one external IP address and found it to be reasonably secure. Of the four total vulnerabilities found, only one was even a potential high-risk vulnerability, relating to a Microsoft patch. The client went about remediation immediately.
What the Consultants Had to Say
“It was refreshing to work with a client who had already addressed almost all our findings before we even did the closing meeting.” It was clear this company took the breach (and potential for future breaches) seriously, and really wanted to prevent it from happening again. “When the closing meeting was over, the Project Lead thanked us and said it was a pleasure to work with us. The feeling was mutual.”