
Case Study: Enhancing Cybersecurity for a Global Security Software Provider

Background

A prominent cybersecurity company, employing 800 staff across the United States and Israel, approached OP. This company specializes in developing a security agent installed on user devices to detect malware. Additionally, they offer a SaaS application serving as a dashboard for security teams to monitor and manage these agents.

Statement of Work (SOW)

The client enlisted OP’s expertise to conduct comprehensive penetration testing. This initiative was driven by their commitment to adhere to SOC2 compliance standards and an acute awareness that as a mature cybersecurity entity, their reputation could be significantly impacted by any cyber incident.

Added Value through PT, PTaaS, and ASM

Recognizing the client’s agile development process, with new features being released weekly, OP proposed a strategy to conduct quarterly penetration tests. This proactive approach aimed to minimize the risk exposure window that could arise from potential vulnerabilities in newly released features. A pivotal aspect of our service was the integration of OP’s Web Application Security Program (WASP) and Attack Surface Management (ASM) capabilities. This combination enabled comprehensive mapping of the client’s digital assets. It led to a significant discovery: numerous client dashboard URLs that had not initially been recognized as part of the company’s asset portfolio. Addressing these overlooked assets saved the client an estimated $300,000 in cloud storage expenses.

Impact

The findings from the Penetration Testing and PTaaS were meticulously analyzed through a triage process. This approach provided the client with a clear understanding of prioritized action items essential for bolstering their organizational and product resilience against cyber threats.

Recommendations

For companies that deal with sensitive data or place a high premium on their reputation, OP considers an annual penetration test insufficient. A more robust strategy would involve quarterly manual penetration tests coupled with continuous monitoring using an ASM tool. This combination offers an effective solution for real-time asset scanning and vulnerability detection, ensuring an enhanced security posture.

Conclusion

Through OP’s tailored penetration testing services and continuous asset monitoring, the client not only aligned with compliance standards but also fortified its cybersecurity infrastructure. This case study underscores the importance of regular and comprehensive security assessments in today’s dynamic cyber landscape.
