Once a year wasn’t going to cut it
At OSec it’s not unusual to work with financial-services companies to determine the risk posed by adversaries. A recent engagement with FNZ — a global wealth-management platform managing around $1.4 trillion in assets — proved the value of continuous penetration testing. Traditionally, pen testing happens once a year, or as a point-in-time exercise. FNZ opted instead for the ongoing assessment its Incenter platform provides, which is considered a game-changer in the industry.
A client emergency, cleared in a day
While FNZ regularly relies on the platform to highlight vulnerabilities within its own organization, the unique setup also let it run an urgent security assessment for a major financial-services client. Because Incenter is always on, OSec could add the client to the platform within 24 hours, and remediation guidance was offered almost immediately. Everything was in scope within a couple of days, and final findings were provided.
“Incenter is a total game changer in the market. There are only a handful of companies doing continuous pen testing, but OSec’s model is completely different from anything I’ve seen.”
A $2M fine that never landed
If FNZ couldn’t provide that security attestation or report promptly, there was a chance the application couldn’t be released as expected — which could have resulted in a $2 million fine. Instead, FNZ avoided the fine, the correct level of security was confirmed, and the exploitation of any vulnerability was ultimately prevented.
It’s evidence of a shift in the industry: organizations need an ongoing view of threats and vulnerabilities. OSec noted that paradigm shift and built Incenter for it — transitioning from traditional point-in-time pen tests to continuous security assessment, averting crises before they can even arise.