With cyberattacks growing in both frequency and sophistication, keeping tabs on current vulnerabilities is a critical part of maintaining a secure digital environment for your organization. With that in mind, your business should reduce its cybersecurity risk through penetration testing: it is one of the most cost-effective and valuable tools in your company's security arsenal, and in that of the technology security community at large.
The average cost of a breach rose from $4.24M to $4.36M from 2021 to 2022!*
*Cost of Data Breach 2022, IBM
Bulletproof proudly participates in the Common Vulnerabilities and Exposures (CVE) program, which is operated by the MITRE Corporation. MITRE is a non-profit organization in the United States that collaborates with government agencies in areas such as national security, homeland security, and cybersecurity to solve problems on behalf of the public and create safer digital spaces on a global scale.
CVE is a portal, created by MITRE, through which the technical community can report system or software vulnerabilities they discover. This shared knowledge makes it easier for IT security professionals to stay on top of new risks and can be a key factor in vendors developing patches for their software so that it is more secure for all users.
To illustrate just how helpful the network created by CVE can be, we’ll share a real-world example. Our Information Security Services team was conducting a penetration test for Saint Mary's University (SMU) when our team lead discovered that one of the platforms that the school was using had a systemic vulnerability that not only affected their software but others who use it. The platform, Terminalfour, is used worldwide by universities and higher education organizations to support student recruitment and retention, digital marketing, and alumni fundraising, which meant this vulnerability could put other universities at risk.
To inform the wider community, we worked with the vendor to get this case reported on the CVE site. This alerted both other users and Terminalfour to the vulnerability so that immediate action could be taken to resolve the issue. Thanks to the proactive measures SMU undertook to protect their security and the effective action taken by our Information Security Services team, the issue has been resolved and Terminalfour is now an even more secure platform. We worked with CVE and Terminalfour to follow a responsible disclosure process, publishing details only when all parties agreed it was safe to do so, after a fix was available and applied for all Terminalfour clients. Since CVE disclosed the issue and made it public knowledge, other diligent users of the software can check their systems, update their platforms, and ensure their systems are secured.
A key lesson from this scenario is the importance of being proactive when it comes to cybersecurity. The cost of a pen test is nothing compared to the cost of a breach. According to IBM, the average cost of a breach rose 2.6% in 2022, from $4.24M to $4.35M, the highest average total cost in the history of their report. There's a myth that penetration testing, or pen testing, is needed solely for legal and compliance reasons. In fact, there are many reasons why this type of technical security testing is valuable:
Determine what security vulnerabilities your network has and whether it has already been compromised.
Identify vulnerabilities and central weaknesses, allowing you to make informed, risk-based business decisions.
Detect and mitigate vulnerabilities before they’re exploited.
A fourth advantage is that engaging a third-party testing company provides an external and unbiased perspective. It is often difficult for internal IT or security teams to see every problem because they are focused on running day-to-day operations. Third-party pen testers are fully committed to ethical hacking and stay up to date with the latest cyberattack tactics. Partnering with a third party allows your organization to improve security, increase user awareness, and identify new vulnerabilities, gaps, and access control weaknesses without adding to your company's (and IT team's) existing workload.
What sets pen testing apart from other types of vulnerability testing? The active nature of its execution. Vulnerability assessments identify vulnerabilities in a predictable manner and with a general scope, typically resulting in a report listing recommendations and action items.
Pen testing, on the other hand, involves actively working to bypass your security controls to gain access to network resources. It is highly focused and, like a real attack, can have unpredictable results. When you sign on for pen testing, you are agreeing to let IT security professionals penetrate and exploit your network. That can be a daunting realization for some companies, but, as we have seen in the case of Terminalfour, it can produce immediately actionable outcomes and, overall, a stronger and more secure tech stack.
2024 Microsoft Intelligent Security Association Excellence Award Winner, Security Trailblazer
Decades of technology, compliance, and security knowledge serving various industries of all sizes
Global state-of-the-art 24/7 Security Operations Centers (SOC)
24/7 Service Desk support for users
Complete solutions provider, offering a full range of IT, security, and compliance solutions to meet your ever-evolving needs and budget
Bulletproof professionals hold industry-recognized certifications, including CISM, CISSP, CEH, OSCP, SC-200, MS-500, AZ-500, MS-100, NIST CSF/800-53/800-171, ISO/IEC 27001, CMMC RP, CMMC RPO, WLA-SCS, CISA, CPT, and PCI-QSA
Microsoft Solutions Partner for Modern Work, Azure Infrastructure, Security, and Digital & App Innovation (Azure), specializing in Threat Protection, Cloud Security, and Information Protection and Governance
Member of the Microsoft Intelligent Security Association
Certified Cybersecurity Maturity Model Certification (CMMC) Practitioner Organization