Financial services · wealth platform
Case study · Incenter · continuous app testing

Incenter is a total game changer.

A missed attestation meant a $2M fine — and annual testing needed weeks FNZ, a wealth platform managing ~$1.4T, didn’t have. Incenter onboarded and tested a client in 24 hours; the attestation cleared, and the fine never landed.

$2M
regulatory fine avoided
Company
FNZ
Sector
Wealth-management platform
Assets managed
~$1.4T
Employees
4,000
Engagement
Continuous app testing · Incenter
Onboarded
24 hours

Once a year wasn’t going to cut it

At OSec it’s not unusual to work with financial-services companies to determine the risk posed by adversaries. A recent engagement with FNZ — a global wealth-management platform managing around $1.4 trillion in assets — proved the value of continuous penetration testing. Traditionally, pen testing happens once a year, or as a point-in-time exercise. FNZ opted instead for the ongoing assessment its Incenter platform provides, which is considered a game-changer in the industry.

A client emergency, cleared in a day

While FNZ regularly relies on the platform to highlight vulnerabilities within its own organization, the unique setup also let it run an urgent security assessment for a major financial-services client. Because Incenter is always on, OSec could add the client to the platform within 24 hours, and remediation guidance was offered almost immediately. Everything was in scope within a couple of days, and final findings were provided.

Traditional annual pen testweeks to schedule & run — misses the release windowIncenter · always on24 hours to onboard · findings as discovered · attestation cleared
Swipe to explore →
Annual testing couldn’t meet the deadline. Incenter onboarded and cleared it in a day.
“Incenter is a total game changer in the market. There are only a handful of companies doing continuous pen testing, but OSec’s model is completely different from anything I’ve seen.”
Robbie Tyrie · Application Security Lead, FNZ

A $2M fine that never landed

If FNZ couldn’t provide that security attestation or report promptly, there was a chance the application couldn’t be released as expected — which could have resulted in a $2 million fine. Instead, FNZ avoided the fine, the correct level of security was confirmed, and the exploitation of any vulnerability was ultimately prevented.

It’s evidence of a shift in the industry: organizations need an ongoing view of threats and vulnerabilities. OSec noted that paradigm shift and built Incenter for it — transitioning from traditional point-in-time pen tests to continuous security assessment, averting crises before they can even arise.

See how we’d test you