
Enhancing Cybersecurity in Banking through Penetration Testing: A Case Study

Redscan
Cybersecurity & Privacy - Security Compliance
Networks & Connectivity - 5G
Finance & Insurance
National Security & Defense
Quality Assurance
Experimentation Automation
Tamper Detection
Cybersecurity Services
Testing & Certification

A specialist bank in the UK, processing a high volume of sensitive data, recognized the need to review its approach to cybersecurity due to digital transformation and the rapidly evolving threat landscape. The bank was concerned about its increased security risk due to a recently launched online banking portal and an increasing number of workloads moving to the Amazon Web Services (AWS) Cloud. The bank had previously used other providers for penetration testing but felt the need for a fresh approach to uncover vulnerabilities that may have been overlooked. The bank sought the expertise of Redscan, with whom it already had a strong relationship, to provide in-depth insight and support its compliance with the requirements of the Financial Conduct Authority, the Prudential Regulation Authority, and the GDPR.

The customer is a specialist bank based in the UK. The bank processes a high volume of sensitive data, making it an attractive target for cybercriminals. The bank had recently launched an online banking portal and was moving an increasing number of workloads to the Amazon Web Services (AWS) Cloud. The bank was concerned about its increased security risk due to these changes and recognized the need to review its approach to cybersecurity. The bank had previously used other providers for penetration testing but felt the need for a fresh approach to uncover vulnerabilities that may have been overlooked.

Redscan’s team of CREST-accredited pen testers performed a range of tests over a week to assess every element of the bank’s network. The focus was on establishing the extent to which hackers could gain unauthorized access to the bank’s critical systems and data. The six phases of testing covered internal infrastructure testing, external infrastructure testing, web application testing, build testing, configuration testing, and a firewall review. The tests were conducted both on-premises and remotely, with the Redscan team liaising closely with the bank’s Cyber Security Manager and IT Manager to complete the process smoothly without impacting the bank’s business operations. The team uncovered a number of threats previously overlooked by other pen testers, including default legacy protocols within the network that hadn’t been updated and a number of weak configurations.

The penetration testing conducted by Redscan provided the bank with a comprehensive view of its security posture. The bank gained a deeper understanding of the risks it faces, with detailed context provided for each vulnerability discovered. The bank benefited significantly from the insight provided by Redscan’s offensive security team, which used manual tools and processes and applied creative thinking to replicate the approach of real-life adversaries. The pen testing engagements and reporting provided by Redscan helped the bank to more effectively meet the compliance requirements of the GDPR, the Financial Conduct Authority, and the Prudential Regulation Authority. Redscan’s focus was not just on finding vulnerabilities but on helping the bank to remediate them, providing helpful advice in reports detailing how the bank could address weaknesses and mitigate risks.
