The customer had solutions from a variety of vendors in their IT environment, including Cisco for their networking routers, switches, firewalls, and wireless. They had Microsoft O365 deployed through an Azure cloud setup, as well as NetApp to handle their storage and Cohesity for backup.

Sentinel proposed conducting both an internal and external penetration test to help uncover any security gaps within the customer’s environment. The external pen test simulated an attack attempting to breach the customer’s network and escalate access to obtain private or sensitive information. The internal pen test used a laptop shipped to the customer to simulate an attack from within their network and gain access to private or sensitive information.

The penetration tests uncovered some major flaws within the customer’s security infrastructure, largely stemming from their password policies. A Fortis analyst cracked the passwords of multiple users and obtained a large amount of private information, including employee social security and credit card numbers. The customer was shocked by the size and scope of sensitive data collected by Fortis and took immediate action to remedy this security weakness. A new policy increased the number and variety of characters required for all user passwords. Cisco Duo was also deployed in their environment, creating a multi-factor authentication requirement for users when logging into the local network and applications.

One year after these changes were made, Fortis conducted another penetration test on the customer’s environment and was unable to gain access. The customer continues to work with Sentinel on a regular basis to further improve their IT environment with complex projects and initiatives.