Penetration Testing for Auto Company
Please find below a summary covering project details and feedback. The essential facts are kept as they are; private information is amended.
Introductory information
Introduce your business and what you do there.
We are a global manufacturer of commercial vehicles. I’m the chief information security officer.
Desired goal
What challenge were you trying to address with Silent Break Security?
We were looking for a firm to do penetration testing across our global environment, at a reasonable cost, that could also help train us along the way, with the overall goal of enhancing our security.
Provided solution
What was the aim of their involvement?
They were to look at our complete corporate network and identify potential entry points through the use of tools and manual activities. They were to stop short of anything that could disrupt our manufacturing facilities or regular day-to-day operations. They used custom tooling along with tools readily available on the web. They worked hard to meet our needs.
For us, they have done primarily informed penetration testing. We gave them IP ranges they could go after, and ones they needed to avoid, to ensure we didn’t have any business disruptions. We gave them some basic account credentials for onsite and remote access. They also focused heavily on phishing for their initial point of entry. We were more concerned about what they could do once they were on the network than whether they could actually gain access.
At the end of their tests, they prepare a final report with recommendations for changes. We have typically implemented most of their suggestions relatively quickly. We have them return about a year later to validate work done and look for new possible exploits. They have been impressed by how much we were able to accomplish between their visits.
In our last test, we had to lessen some of our controls to allow them access for their tools to run, as we blocked most of their initial penetration techniques. As noted, we are more interested in what a hacker could do after breaking through our barriers than in whether they can get through. A determined hacker can always find a way in.
What is the team composition?
For each of the collaborative tests, they sent two people to our site. We worked with those individuals directly. At times, they would coordinate with some of their remote colleagues for help.
How did you come to work with Silent Break Security?
I first engaged them for a project about three years ago and we have continued to use them for their services. We initially selected them as penetration testing professionals and since then have used their collaborative pen test offering to help train our employees. Their costs were competitive, and we feel they have provided value to us.
What is the status of this engagement?
We began working together in 2016, and the relationship is ongoing.
Results achieved
What evidence can you share that demonstrates the impact of the engagement?
We’ve had many quick wins that were relatively easy changes and helped enhance our security.
How did Silent Break Security perform from a project management standpoint?
They coordinated with us well upfront to ensure they could hit the ground running. They provided strong technical leaders, who could also manage each engagement and ensure the time spent was where it provided the most value. They also did a good job of balancing the attacks with the training to ensure the team learned.
Their management summary reports didn’t always hit the mark for our organisation. We needed to work with them on verbiage to ensure the communication was at the appropriate level for our senior management teams and that it was clear on some of the actionable things we could do, but without going too deep technically. They worked well with us on this, but it did take a few go-rounds to get there. It probably would have been the same with any organisation we worked with.
What did you find most impressive about them?
Their collaborative penetration tests really stand out. They brought people onsite to explain their process, and our team learned a lot from them. They helped us look at things differently and showed us how a potential hacker thinks.
Are there any areas they could improve?
I can’t think of any improvements off the top of my head.
Do you have any advice for potential customers?
Provide as much clarity as you can on your objectives. We were very clear about what they could and could not test, which ensured minimal to no disruption to daily operations.