VULNERABILITY IN THE
Penetration Testing Services for Portfolio companies and Key Suppliers
A London-based Private Equity firm with a focus on consumer electronics and hardware engages Contour to support its Portfolio companies with Penetration Testing Services, to identify and plug any network infrastructure vulnerabilities that pose a risk to operations and intellectual property. A request is also made of the Portfolio's key equipment suppliers to provide proof of testing for assurance purposes, and, where support is needed, Contour is asked to assist.
Contour delivers a Vulnerability test of all assets, applications, devices and operating systems that the client predetermines, testing vulnerability to the latest software and hacking methodologies (including but not limited to SQL Injection, Cross Site Scripting, Covert Data Harvesting, Password and Credential Harvesting, Denial of Service, Application and Operating System Exploitation, Server and Network Shut Down). A Penetration test is then performed to test the availability of the networks, systems, IoT devices and Applications, and the availability and type of information that could be harvested if/once an attacker has gained access through the Vulnerability (i.e. the ease with which privileged access can be obtained, buffer overflows exploited, or an SQL injection attack launched, or, for example, system incident response).
Our ethical hacking team identifies a single point of entry within each company using the results found in the initial Vulnerability test (‘black box’), or, if perimeter defences are found to be suitably hardened, the client IT department provides back door access to mimic a successful phishing campaign or a stolen set of user login credentials. The team then systematically tests (1) how far it is able to move left or right within the tolerances of any intrusion detection system, (2) the ease with which it can escalate privileges, and/or (3) the ease with which it is able to disrupt operations or harvest sensitive data.
Penetration testing is conducted on all digital assets identified in the scope of work across the Portfolio and the key suppliers who required support, including but not limited to Networks, Applications, Devices and Corporate Wireless technology. A full supporting written report is then provided to the IT Directors of each entity, and ongoing consultation support is made available where remediation help is required.
The Private Equity firm subsequently commissions Contour to perform the work as part of an annual testing programme for its portfolio and key suppliers, and also for cyber due diligence ahead of any new portfolio acquisitions.