The hacker tricked an employee into visiting a website through a virtual desktop. The employee was using Firefox, and the hacker was able to get in through a security hole in the browser.
The hacker immediately accessed sensitive information including administrative usernames and passwords and started to download it. That activity triggered an alert in the Critical Insight Security Operations Center.
A security analyst saw the alert and a Critical Insight Success Engineer called the organization within 10 minutes. Their team quickly contained the intruder. Luckily, the intruder was not actually a criminal. It was a person hired to search for vulnerabilities, a service called a penetration test.
“Penetration testing is a great way to help manage security in an organization. It’s great at evaluating the efficacy of your security system’s detection and response mechanisms, and it’s a fantastic tool when you want to build a case to affect meaningful internal change and/or ask for a larger security budget.”
Mike Hamilton, CISO at CI Security
This customer did everything right: they had an excellent internal response plan, executed it well, and tested it with a pen-tester. We are happy to have caught the pen-tester for them!
Michael K Hamilton
The CISO at CI Security