success stories

Pentesting and Red Team Exercise

Customer

Avatel

Sector

Telecoms & High-tech

Capabilities used

Team specialized in intrusion and exploitation of services and vulnerabilities.

Other companies or players involved

Equipo de seguridad y otros departamentos de AVATEL

 

Situation

Avatel is a teleoperator that has undergone dizzying growth in recent years. As a consequence of the absorption of dozens of smaller operators, the network infrastructure inherited from these smaller companies could be an access point for cybercriminals, so there was a great need for a Red Team exercise to search for vulnerabilities in the network infrastructure to prevent possible exploitation by cybercriminal groups.

Tasks

The service carried out was based on the analysis of the external and internal infrastructure of the organization and to verify its robustness and maturity in terms of cybersecurity. In addition, social engineering exercises have been carried out to test the weakest link in the security chain, the human being, by testing with real phishing attacks for subsequent employee awareness.

Action

After four months of work and continuous audits in a production environment and a Black Box approach, our team has managed to detect a multitude of potential security breaches that could have led to a larger scale attack, achieving a timely detection and subsequent remediation. In this way, a secure architecture has been established in order to prevent possible attacks by third parties.

Result

Thanks to the team's work, possible security breaches have been detected and remedied to provide a higher level of security for the operator and prevent it from being a future target for cybercriminals.