Effective URL: https://blog.ethiack.com/blog/from-checklist-based-pentesting-to-autonomous-ethical-hacking-what-changed-for-cegid
Case Studies


FROM CHECKLIST-BASED PENTESTING TO AUTONOMOUS ETHICAL HACKING: WHAT CHANGED FOR CEGID

Ethiack 24/01/24 14:13



ABOUT CEGID

CEGID is a conglomerate of companies headquartered in Lyon, France. They offer
dozens of software solutions, often in critical sectors dealing with sensitive
data. It goes without saying that cybersecurity is at the top of their list of
concerns.

They found great results from implementing Autonomous Ethical Hacking. Here’s
the full story.




Industry: Information Technology
Headquarters: Lyon, France
Employees: 5000+
Protected Attack Surface: +1500 assets

 


THE PROBLEM


André is a SecOps Engineer responsible for all infrastructures and their
security in Portugal, Spain and Africa. After 5 years of his team leading this
area of the company, he identified a vital need: they couldn’t stick to annual
pentests. His team managed the assets of 21 companies and multiple offices of
the group, and he knew that a simple checklist-based pentest done once per year
wasn’t going to be effective in keeping their customer data safe. Product teams
were shipping code every week, so they needed a solution that kept up with these
changes.



They experimented with other tools, but quickly ran into a problem: false
positives. André mentions “these often came in the thousands” and made it
impossible to mitigate any real vulnerabilities.






THE SOLUTION


Enter Ethiack. During a casual lunch meeting, an Ethical Hacker from our talent
pool was mentioned. A Proof of Concept (POC) was launched for both Ethiack 1.0
and 2.0, which turned into a contract for both Machine Ethical Hacking and Human
Ethical Hacking.



Our Machine Ethical Hacking offering solved their biggest problem: having a
24/7, continuous approach to pentesting that could alert the product teams on
vulnerabilities needing to be mitigated. This finally gave André and the whole
cybersecurity team a clear view of their security posture and what was more
exposed. 



And to complement this, they launched Human Hacking events to test the most
critical parts of their infrastructure and see whether they held up against
human ingenuity.

 


THE OUTCOME


The combined approach yielded great results. While Machine Hacking dealt with
easier-to-spot attack vectors, the Human Hacking Events uncovered several
critical vulnerabilities that only a skilled hacker could have found.


The fast detection of vulnerabilities and minimal false positive rates (<1%)
allowed CEGID’s product and security teams to focus more on mitigation and
prevention, thus improving their security posture. In the words of André:

> The way Ethiack incorporates EASM with Automated Pentesting has brought us
> simplicity and proactivity in solving large-scale problems. As a group with so
> many exposed assets, doing this work manually was simply impossible.
> 
> The main transformation was gaining a complete view on our surface, which
> we previously lacked. What we have publicly exposed, their vulnerabilities,
> and our impact in the cyberspace.
