How Crowe UK safeguarded its network with regular penetration testing
Read Case StudyCrowe UK
Case Study
The Requirement
Crowe U.K. LLP (Crowe UK) is a leading audit, tax, advisory and risk firm with a national presence in the UK. Crowe has approximately 1300 people in the UK, based across multiple office sites. Crowe UK provides specialist advice to thousands of clients of all sizes and sectors. They are an independent member of Crowe Global, one of the top 10 accounting networks in the world.
Crowe UK is a cyber-aware company that ensures the best protection for the business. As part of this, it conducts weekly automated vulnerability scanning. As a computerised scan, a list of items is checked or tested on, however Crowe recognise that automated vulnerability scanning has limitations.
Human penetration testers, while using vulnerability scanning tools, would also have the intelligence and knowledge to try and exploit what they find using different ways and techniques that they are seeing in the market.
Crowe UK’s cyber insurance provider mandate that penetration testing, over and above vulnerability scanning, is conducted on a quarterly basis.
Therefore, Crowe UK wanted to conduct regular penetration testing to satisfy insurance requirements, identify if anything in the network could be vulnerable, and ensure the business is protected.
To learn more about Crowe UK’s requirements, read the full case study.
“The whole process from scoping to the testing phase was well organised. The penetration test itself was conducted very professionally.
The final report is always very clear and allows us to communicate with internal and external stakeholders in a consistent manner”
Mick Marshall, Director, Infrastructure & Security, Crowe U.K. LLP
The Solution
Crowe UK engaged DigitalXRAID to perform regular penetration testing in order to identify any security weaknesses and potential exploitable vulnerabilities.
DigitalXRAID delivered a thorough penetration testing service in line with the agreed scope. Over several days, the team conducted comprehensive tests which assessed the infrastructure, and determined whether any vulnerabilities existed that could be compromised.
As a high-level overview of the attack simulation phase, the testers looked at areas such as the versions of software or hardware in use, passive monitoring of the network in internal environments, used active scanning techniques such as port scanning, and investigated identity authentication and authorisation in order to attempt to bypass processes and workflows.
At the end of the testing period, DigitalXRAID supplied a comprehensive report, detailing the methodologies followed and highlighting and categorising any vulnerabilities found into low, medium, high and critical priorities. The report included a risk summary that explained how any vulnerabilities identified could be used by an attacker to affect the business.
To learn more about the results of the pen testing project, read the full case study.
Cyber Security Experts
Accredited and regulated, we're in the top 1% of cyber security agencies globally
We’re trusted by the UK Government as Crown Commercial Service providers as well as being accredited by two of the leading cyber security governing bodies. Our ISO9001 certification means you can rest assured our processes and approach are market leading.
Protect Your Business & Your Reputation.
With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.
