This is the question one of the region's largest utility companies asked us. The cybersecurity team at the utility company needed to ensure their network was free from major vulnerabilities and to verify significant security upgrades that had recently been performed.
This was important to keep member information secure and comply with NERC's guidance on regular penetration testing to ensure continued business resilience.
Adversis quickly aligned with the team's needs to ensure that appropriate network segments would have high priority for assessment and review. Coverage would fit what the client team needed to validate. In addition, the report would be documented and debriefed in both strategic and tactical manner that would allow the team to hit the ground running with specific implementations and fixes to quickly resolve issues and prioritize a roadmap for strategic initiatives.
Leveraging deep experience based on ethical hacking complex environments across the Fortune 500, Adversis began assessing the networks using advanced audit techniques and pragmatic methods to evaluate realistic risks. Exceeding the industry standard cyber kill chain from reconnaissance to post-exploit activities, the team highlighted the robustness of the network team's segmentation and cyber controls while providing insight into hidden exposures. The client team was along for the ride, with regular updates and real-time responses to remediate critical issues.
This assessment allowed the utility company to understand its current state of controls and response capabilities. The precise report, with strategic and tactical guidance and follow-up sessions, provided a clear path forward for improvement and compliance. The team was also able to obtain additional resources for training and support for realistic prioritization of cybersecurity controls. Compliance requirements were satisfied, controls validated, and time saved. It was an energizing experience for all parties.