Case studies for PTaaS

Case Study: Global Security Software Provider

30+

Countries

800+

Staff

10+

Years

Company background

A prominent cybersecurity company, employing 800 staff across the US, specializing in developing a security agent installed on user devices to detect malware.

Additionally, they offer a SaaS application serving as a dashboard for security teams to monitor and manage these agents.

Statement of Work (SOW)

The client enlisted OP Innovate’s expertise to conduct comprehensive penetration testing.

This initiative was driven by their commitment to adhere to SOC2 compliance standards and an acute awareness that as a mature cybersecurity entity, their reputation could be significantly impacted by any cyber incident.

Added Value through PT, PTaaS, and ASM

Recognizing the client’s agile development process, with new features being released weekly, OP proposed a strategy to conduct quarterly penetration tests. This proactive approach aimed to minimize the risk exposure window that could arise from potential vulnerabilities in newly released features.

A pivotal aspect of our service was the integration of OP’s Web Application Security Program (WASP) and Attack Surface Management (ASM) capabilities. This powerful combination enabled comprehensive mapping of the client’s digital assets.

A significant discovery was made: numerous client dashboard URLs, not initially recognized as part of the company’s asset portfolio, were identified. Addressing these overlooked assets facilitated a substantial cost-saving for the client, estimated at $300,000 in cloud storage expenses.

Impact

The findings from the Penetration Testing and PTaaS were meticulously analyzed through a triage process. This approach provided the client with a clear understanding of prioritized action items essential for bolstering their organizational and product resilience against cyber threats.

Recommendations

OP recommends that companies dealing with sensitive data or those who place a high premium on their reputation, an annual penetration test is insufficient. A more robust strategy would involve quarterly manual penetration tests coupled with continuous monitoring using an ASM tool. This combination offers an effective solution for real-time asset scanning and vulnerability detection, ensuring an enhanced security posture.

Conclusion

Through OP’s tailored penetration testing services and continuous asset monitoring, the client not only aligned with compliance standards but also fortified its cybersecurity infrastructure. This case study underscores the importance of regular and comprehensive security assessments in today’s dynamic cyber landscape.

Automated pentesting

Manual penetration test 4 times a year

Under Cyber Attack?

Fill out the form and we will contact you immediately.