Finding a penetration tester for automation technology

Around 80% of OT managers in German companies have experienced a breach of their infrastructure in the past two years. At the same time, a global study by IBM reveals an average value of such data leaks of 3.4 million euros. Only 10% of the companies surveyed reported never having experienced a breach. Among these 10% were predominantly companies whose systems were subject to regular audits and penetration tests.

How our service uncovered the security vulnerabilities of a leading global automation technology provider

What we were faced with

Our customer needed to find a qualified provider for regular penetration testing and vulnerability management

Learn more

How our team helped

Our CyberCompare team focused on the most important requirements of our customer: Desired scope, experience of the provider, certifications of the penetration testers, cost-performance ratio and customer references of past projects

Learn more

What we achieved

Through a look-up in our CyberCompare database we identified a qualified provider who used penetration testing to identify critical vulnerabilities and ensured clear and transparent pricing

Learn more

Perspective from one of our experts:

“In the IT world, automated tools have increased the productivity of pentesters. But in an industrial environment, there is a long list of technologies that do not (yet) offer automated solutions to help investigate and assess security vulnerabilities.”

Read the whole interview

Justin Searle

Director of Industrial Security at InGuardians

Challenge

Transparency about potential security gaps through penetration testing and vulnerability management

For a leading global provider of automation technology, whose systems had not yet been subjected to external audits or tests, it was important to introduce regular penetration tests and vulnerability management. The aim of the measure was to create more transparency about potential security gaps. The company’s heterogeneous system landscape, consisting of IT, OT and IoT, required suitable and flexible service providers.

Find out how you can benefit from our experience and identify and close potential security gaps

Learn more

Approach

Inventory of the systems to be tested and clarification of the scope of the test

With an inventory of the systems to be checked, we defined the scope of services for the test and established criteria for vendor selection. We considered, among other things, the experience of the respective vendor, certifications of the penetration testers, the price-performance ratio and customer references from past projects. Through our anonymous RFP among potentially suitable service providers, we organized four provider presentations and supported the customer in the bid selection process.

The CyberCompare method:

Identification of Top Cyber Risks
Strategic Vendor Selection
Anonymous Tender
Individual Provider Recommendation & Support

Effect

Direct cost savings and identification of critical security gaps

Blackbox and Greybox penetration tests identified several mission-critical security vulnerabilities. The company saved money because we found a provider with a better price-performance ratio compared to the customer’s own RFP.

Make an appointment to get a free penetration test comparison specifically for your case

Make an appointment now

Simeon Mussler

COO Bosch CyberCompare

+49 (0)711 811-19893

Simeon.Mussler@bosch.com