Using penetration testing to prevent cyber attacks
To protect their IT environment against attacks, companies must first know their vulnerabilities. The experienced cyber security experts from Voith Digital Ventures support them in this effort. Using state-of-the-art technology, they simulate hacker attacks on the network – and detect potential security vulnerabilities of the customer in this way.
In times of increasing cyber attacks, one of the greatest challenges faced by companies is the protection of their IT infrastructure as well as all their plants and systems. More and more gateways are opening for hackers, primarily through the networking of the most diverse of components in the industrial IoT. Even critical infrastructures that are often subject to special requirements from their home country are battling with challenges such as Petya or WannaCry. These ransomware programs have sometimes caused great damage. This demonstrates just how little importance many organizations have attached to the topic of cyber security until now.
The most frequent causes for deficient protection or even a total lack of protection are the negligent behavior of the responsible employees or a lack of expertise and experience on the part of the companies. It is all the more important for them now to provide lasting security for their IT environment with the help of an experienced partner like Voith Digital Ventures. Clients benefit not just from the extraordinary cyber security expertise but also from the thorough industry knowledge of Voith in mechanical engineering and system design. This combination provides comprehensive protection against cyber attacks.
Protecting companies effectively
One of the most important methods for this is penetration testing. Before a company is attacked by hackers, it often has no idea where its security vulnerabilities lie. The cyber security experts from Voith Digital Ventures help to find them. Penetration testing, or pen test for short, consists of the following components:
As soon as a company has commissioned Voith Digital Ventures with a pen test, the experts start the preparations. The first thing they do is taking a technical inventory. To be able to analyze the whole IT environment, all components and (digital) interfaces that are relevant for the test are determined. Then, Voith, together with the client, specifies the scope of testing and the requirements on all participants. The goals of the first part of the test include understanding and transparency.
After specifying the boundary conditions, the cyber security experts start the actual assessment, that is, the simulation of a manual and an automated attack. Following this, a detailed platform analysis is performed. Voith implements the last step of the assessment part using black box and white box testing. The experts first test the system without having any information about its internal workings. After this, they perform testing again but this time it is based on an analysis of the internal structure of the system. Both versions are performed in accordance with the strategy for penetration tests provided by the German Federal Office for Information Security and the basic principles of the international ISO Standard 27001.
The third and last part of penetration testing by Voith Digital Ventures is reporting. This is composed of the following:
• Management summary focusing on critical findings and measures that can be implemented quickly
• Detailed findings report including corrective measures and a cost estimate
• Presentation of results to executives and IT managers
• A discussion of possible measures with the cyber security experts from Voith Digital Ventures
Penetration testing is only one part of the IT security products and services offered by Voith Digital Ventures. After this testing is performed, companies know their security vulnerabilities and the measures needed to correct them. However, the simulation and its evaluation do not protect the company against attacks. For this, clients can order additional services from Voith’s cyber security experts. Voith Digital Ventures provides comprehensive, integrated protection for the systems of its clients against cyber attacks so that they can focus on their core business again.