Cyber Risk Advisory & Response as a Service - Dark Web Monitoring
7th June 2017

Reducing Vulnerability in the Supply Chain


Penetration Testing Services for affiliates and key suppliers

A London-based Private Equity firm with a focus on consumer IoT manufacture and retail engages Contour to support its Portfolio companies with Penetration Testing Services, to identify and plug any network infrastructure vulnerabilities that pose a risk to operations and intellectual property. A request is also made of the Portfolio's key part suppliers to provide proof of testing for assurance purposes and, where support is needed, Contour is asked to assist.

Contour delivers a Vulnerability test of all assets, applications, devices and operating systems that the client predetermines, testing vulnerability to the latest software and hacking methodologies (including but not limited to SQL Injection, Cross Site Scripting, Covert Data Harvesting, Password and Credential Harvesting, Denial of Service, Application and Operating System Exploitation, Server and Network Shut Down). A Penetration test is then performed to test the availability of the networks, systems and applications, and the availability and type of information that could be harvested if or once an attacker has gained access through the Vulnerability, i.e. the ease with which privileged access can be obtained, buffer overflows exploited or an SQL injection attack launched, or, for example, system incident response.

Our ethical hacking team identifies a single point of entry within each company using the results found in the initial Vulnerability test ('black box') and systematically tests (1) how far they are able to move left or right within the tolerances of any intrusion detection system, (2) the ease with which they can escalate privileges, and/or (3) the ease with which they are able to disrupt operations or harvest sensitive data.

Penetration testing is conducted on all digital assets identified in the scope of work across the Portfolio and the key suppliers who require support, including but not limited to Networks, Applications, Devices and Corporate Wireless technology. A full supporting written report is then provided to the IT Directors of each entity, and ongoing consultation support is made available where remediation help is required.

The Private Equity firm subsequently commissions Contour to perform the work as part of an annual testing programme for its portfolio and key suppliers, and also for cyber due diligence ahead of any new portfolio acquisitions.