Skip to Main Content Skip to Footer

CASE STUDY

Enhancing organizational security controls with penetration testing

Miles IT helps an organization understand the shortcomings of its security controls by conducting a pen test and sharing recommendations for improvements.

 
Business,People,Meeting,To,Discuss,The,Situation,On,The,Market

MEET THE CLIENT

Service-based organization

The client is a service-based organization that was required to execute penetration testing activities to achieve regulatory compliance.
 

However, they also wanted to leverage pen testing as a means to improve their organizational security posture.

PRIMARY CHALLENGE

Increase understanding of current security activities

Although a pen test was necessary from a compliance standpoint, the client viewed the assessment as an opportunity to better serve and secure their company.

Clarify Specific Security Controls

The client shared areas of concern that they felt the pen test might help them correct; we kept these focus areas in mind as we performed the assessment.

Achieve Regulatory & Customer Requirements

Since the client needed to undergo an audit for compliance purposes, they wanted to ensure appropriate protections were in place before the examination.

Heighten Security Posture

Though meeting requirements was one part of the engagement, the client sought to enhance control activities to benefit their entire organization’s security.

OUR PROCESS

Comprehensive penetration test engagement

Our standardized procedure kept all team members on the same page while ensuring we responded to the client’s queries.

Define Scope

We began by defining a scope with the client to ensure the systems that would be tested belonged to the client and that we had the authorization to test against them.

Perform Penetration Testing & Vulnerability Assessments

Led by our Director of Compliance and Risk Management, our Operational Security Staff performed the penetration testing engagement and additional component assessments to identify further areas of interest and vulnerabilities.

Present Report & Findings

We shared our findings in a meaningful report detailing threats, risk levels, and remediation paths & mitigation efforts.

OUR STRATEGY

Identify & prioritize opportunities for improvement

We focused the engagement on external-facing systems, per the client’s request, and shared clear results that they could turn into tangible actions.

  • Greybox-Style Emulation

    +

    While this test was an emulation of an outside attacker against the organization that required our staff to emulate, think, and attack as a threat actor would, the team was armed with basic information about the organization.

  • System Strength & User Controls Focus

    +

    We concentrated on testing the security of external-facing services that emulated against a directory services endpoint. With this assessment, we tested both the security of the system and the strength of user access controls.

  • Actionable Remediation Recommendations

    +

    When sharing results, we focused on answering the client’s original questions, identifying shortcomings they were unaware of, and providing guidance regarding priority items to address.

THE RESULTS

Greater clarity on recommended security controls

The client expanded their understanding of security protections for their organization and achieved compliance with both regulatory & customer requirements.

Increased Awareness of End-User-Centric Controls

Completing the pen test engagement gave the client transparent knowledge of how to improve user control activities and better defend against security threats as they pertained to end user attack surface.

Regulatory & Customer Compliance

With the completion of this assessment, the client can now present results to their regulatory body and customers to establish trust and maintain business operations.

Specific Paths for Remediation

After working with our team, the client recognizes specific actions they can take to enhance their posture now and in the future.

MOVING FORWARD

Ongoing scans to stay up-to-date

The client continues to have Miles IT perform vulnerability assessments to maintain an understanding of their security posture & attack surface and take the appropriate remediation actions to manage their risk accordingly.
Wondering what type of risk assessment your organization should start with? Check out our blog for guidance.

Why blocks? Click to find out!

Gain greater insights into your organization’s security posture.