The progressive energy storage company had enlisted the help of third-party security operation service to safeguard their infrastructure, but they were dissatisfied with the level of protection provided at the operational technology (OT) levels and felt that the service provider was not fulfilling their contractual obligations.
LTI cybersecurity experts conducted a penetration testing of both the web application (using black box methodology) and the LAN (using grey box methodology) to simulate an attacker's steps in order to identify potential vulnerabilities. The objective was to determine what type of sensitive information could be extracted and what unauthorized actions could be carried out.
During the exercise, it was discovered that the partner had failed to comply with their contractual obligations by neglecting to monitor any of the operational technology endpoints. This allowed our team to carry out the assessment without being detected. The final report contained conclusive evidence of the partner's failure to fulfill the contract.
