How NetSPI is helping Co-Mo Connect improve their cyber security posture and protect their members

The challenge

Co-Mo Connect, like most companies, is always trying to improve their cyber security posture. “The only way to do that is to stay engaged and continue moving cyber security projects forward. Just because your company thinks you have good cyber hygiene or good cyber security, doesn’t necessarily mean you shouldn’t put it to the test,” said Ryan Newlon, IT Manager at Co-Mo Connect.

Co-Mo is unique in that they are part of a larger intricate system where someone could potentially attack their area and then go upstream or shut power off to individuals, which makes cyber security very important for them. As such, they always want to make sure they’re not vulnerable or getting attacked – and if they are, make sure their environment is hard enough to where they can stop them, deter them, or have a proper way of responding in a timely manner.

“With Co-Mo Connect being an ISP, it is important to always look for vulnerabilities and be vigilant in ensuring we are maintaining a secure environment,” said Ryan.

Why Co-Mo Connect works with NetSPI

1. The results and reports: The work NetSPI did was very good; it fit the timeline and produced the reports that were requested. NetSPI performed the penetration test in a thorough, professional manner and vulnerability explanations were very well thought out.
2. Manual penetration testing: “We were specifically looking for hands-on penetration testing with a person manually running tests, not just automated scanners,” said Ryan. “It was clear during the test that it was human interaction that was trying different things to get into our network, not just a bunch of scripts that were being run. And when the NetSPI team would run into an obstacle, they would try and get around it and actually do the penetration test.”
3. Honesty: Ryan appreciated the honesty from the NetSPI team. “They said that they had a hard time getting into our environment because our password complexity and policy was good,” said Ryan. “With them telling us that our environment was in pretty good shape, that was good to hear. But they didn’t stop there; they continued to try to get into the environment.”
4. Equipment solution: NetSPI sent Co-Mo a NUC (Next Unit of Computing) for them to put into their environment as if it was already penetrated, which Ryan said was a nice set-up and very easy. With this device, NetSPI was able to do what they need to do in a few days.

Considering working with NetSPI? Here’s what Ryan would tell you

“I was very happy with the service NetSPI provided. The test was very thorough and provided us with a lot of areas which we needed to improve. The results were easy to view and digest, meaning I could go in and resolve some of the issues to harden our network immediately,” said Ryan. “I feel like our environment is definitely better from having that penetration test and taking the time on remediation steps.”

“The approach NetSPI took was different than previous penetration tests, and it was very thorough, to the point that NetSPI found vulnerabilities that other people had missed.”

“Through this penetration test with NetSPI, we figured out what we didn’t know. We try very hard to do cyber security in a successful way, but if there are things you don’t know about, then there’s no way that you can fix those. NetSPI really pointed out some of the things that were very difficult to identify unless you have a skilled penetration tester diving in and challenging those things. I don’t think I would have found some of the vulnerabilities that they were able to find.”