Enhancing Cybersecurity in Banking through Penetration Testing: A Case Study

Technology Category
  • Cybersecurity & Privacy - Security Compliance
  • Networks & Connectivity - 5G
Applicable Industries
  • Finance & Insurance
  • National Security & Defense
Applicable Functions
  • Quality Assurance
Use Cases
  • Experimentation Automation
  • Tamper Detection
Services
  • Cybersecurity Services
  • Testing & Certification
The Challenge

A specialist bank in the UK, processing a high volume of sensitive data, recognized the need to review its approach to cybersecurity due to digital transformation and the rapidly evolving threat landscape. The bank was concerned about its increased security risk due to a recently launched online banking portal and an increasing number of workloads moving to the Amazon Web Services (AWS) Cloud. The bank had previously used other providers for penetration testing but felt the need for a fresh approach to uncover vulnerabilities that may have been overlooked. The bank sought the expertise of Redscan, with whom it already had a strong relationship, to provide in-depth insight and support its compliance with the requirements of the Financial Conduct Authority, the Prudential Regulation Authority, and the GDPR.

About The Customer

The customer is a specialist bank based in the UK. The bank processes a high volume of sensitive data, making it an attractive target for cybercriminals. The bank had recently launched an online banking portal and was moving an increasing number of workloads to the Amazon Web Services (AWS) Cloud. The bank was concerned about its increased security risk due to these changes and recognized the need to review its approach to cybersecurity. The bank had previously used other providers for penetration testing but felt the need for a fresh approach to uncover vulnerabilities that may have been overlooked.

The Solution

Redscan’s team of CREST-accredited pen testers performed a range of tests over a week to assess every element of the bank’s network. The focus was on establishing the extent to which hackers could gain unauthorized access to the bank’s critical systems and data. The six phases of testing covered internal infrastructure testing, external infrastructure testing, web application testing, build testing, configuration testing, and a firewall review. The tests were conducted both on-premises and remotely, with the Redscan team liaising closely with the bank’s Cyber Security Manager and IT Manager to complete the process smoothly without impacting the bank’s business operations. The team uncovered a number of threats previously overlooked by other pen testers, including default legacy protocols within the network that hadn’t been updated and a number of weak configurations.

Operational Impact
  • The penetration testing conducted by Redscan provided the bank with a comprehensive view of its security posture. The bank gained a deeper understanding of the risks it faces, with detailed context provided for each vulnerability discovered. The bank benefited significantly from the insight provided by Redscan’s offensive security team, which used manual tools and processes and applied creative thinking to replicate the approach of real-life adversaries. The pen testing engagements and reporting provided by Redscan helped the bank to more effectively meet the compliance requirements of the GDPR, the Financial Conduct Authority, and the Prudential Regulation Authority. Redscan’s focus was not just on finding vulnerabilities but on helping the bank to remediate them, providing helpful advice in reports detailing how the bank could address weaknesses and mitigate risks.
