A global pulp & paper manufacturer asked OTORIO to conduct a security and vulnerability penetration testing assessment of their network as it would be seen by an external attacker. The manufacturer wanted OTORIO to gain access to their internal network without any prior knowledge of it.
OTORIO’s Role
The customer manages over 100 manufacturing sites around the globe. OTORIO's Penetration Testing team probed the resilience of the manufacturer's "most critical site". OTORIO tested the magnitude of the damage that could be caused to the manufacturer with no prior knowledge or access to the network. OTORIO's Penetration Testing security team spent approximately two weeks identifying the security gaps utilizing a "black-box" approach.
Findings and Mitigation
Our Findings
OTORIO’s team concluded that there were several key areas that required improvement in order to ensure that such an attack would not be successful in the future. These areas include:
OTORIO’s Role
OTORIO was tasked with:
Recommendations
The team provided various security control improvements that the customer can implement to ensure that its network is resilient to similar attacks in the future. Some of the suggestions included:
Moving Forward
OTORIO’s incident response assessment and reports gave the customer a clear picture of the steps the attacker took during the attack, with an emphasis on the security gaps that enabled their activity. OTORIO provided the company with a solid security posture plan to ensure that they are capable of taking the first steps in improving OT security immediately.
Following the successful incident response, the customer requested that OTORIO extend its services and perform Penetration Testing to assess network resilience.