Case Study

Penetration Testing

CLIENT

Investment Solutions and Technologies Company

Case Study

Penetration Testing

CLIENT

Investment Solutions and Technologies Company

THE CHALLENGE

The Board of an investment solutions and technologies company in Switzerland wanted to understand their exposure to cyber criminals. They needed to find out how efficiently their current security measures performed in the event of a cyber attack.  

HOW WE SOLVED IT

In order to evaluate the client’s security posture, Arco IT conducted tests that aimed at both internal and perimetral assets. To execute them, Arco IT posed as external attackers from the Internet, as well as attackers with access to the internal network to ensure coverage of multiple scenarios. 

All tests were performed by combining our professional experience with well known methodologies such as NIST 800-115, OSCP Course Curricula, and Penetration Testing Standard (PTES). 

Penetration testing was performed in a hybrid “grey box” approach. 

The tests simulated external threats (hacker, malicious user) from the internet who attempted to find vulnerabilities in the target systems and exploit them in order to gain unauthorized access to sensitive information or affect the correct functionality of the systems. And also internal threats (hacker, malicious user) with access to the internal network who tries to make lateral movements. 

Fig. 1 Overview of Penetration Testing Process 

After the tests were finished, all the results were presented to the client in a detailed report containing high, medium and low risk vulnerabilities. Arco IT also developed recommendations in order to improve the client’s security posture.  

With a clearer view of their strengths and weaknesses, our client was able to strengthen and mature their IT security.  

Regain confidence and control of your IT security

Take the first step toward safeguarding your data and reputation. Contact us today for a free consultation.