- Client A large global industrial manufacturing company
- Year 2020
- Location United States of America
- Category Operational Security
Red Team facility penetration exercise
Rose Partners was approached by a large global industrial manufacturing company to conduct a penetration exercise at one of its key facilities on the East Coast of the United States. This facility is one of the largest production sites within the state with activity ranging from industrial manufacturing through to research and development.
The challenge for the client was that they had testing facilities within the building for multiple global clients (commercial and governmental) where the end-users would work with the client on UXD and integration. The client was asked to provide independent and verified assurance that security of the different projects was not compromised in any form by a key government client.
Rose Partners proposed a staged red team exercise over the course of three weeks that sought to identify the physical and virtual vulnerabilities to the client and the independent projects within. This ranged from data analysis of key persons of the client IT team, social media scraping, link analysis, vulnerability testing of its enterprise network through to gaining physical access to the site and the respective projects within.
Rose Partners worked diligently and reported back on a weekly basis to the client contact and shared all relevant risks and vulnerabilities as we progressed (allowing serious risks to be triaged and managed). At the end of the exercise, a full report and briefing to the client’s Board allowed them to remediate the faults and put in place industry best practice information and cyber and physical security controls to not only secure this site but other production sites around its global network.