Detect Weaknesses in IoT and OT Systems with Pentesting
According to Gartner, as many as 24% of organizations with Operational Technology systems experienced a breach in 2021 that resulted in access by a malicious actor. This number is certainly increasing each year as IoT and OT systems expand globally.
Using our experience with highly specialized Operational Technology systems, Raxis can help uncover cybersecurity vulnerabilities at every level of the system. When scoped correctly, Raxis examines the embedded systems themselves, the network devices that facilitate communication, and any servers that handle data for the OT systems.
Raxis provides a detailed IoT/OT pentest report that details a step-by-step storyboard of how we performed the hack, along with details on options on closing the security gaps.
IoT and OT systems are often left unpatched in order to reduce downtime, making them more vulnerable to outages from attacks.
Raxis takes special care while pentesting IoT and OT systems to avoid pushing systems offline, while working closely with you to discover potential gaps in security.
Operational Technology (OT) Penetration Test Specifications
- Powered by Raxis One, a secure web interface for all Raxis services
- Support for all OT and IoT systems that operate in some form using TCP/IP, including but not limited to PLC, RTU, ICS, DCS, HMI, SCADA and IoT
- Raxis utilizes the same tools and techniques as a blackhat hacker
- Predictable timeline for the assessment, typically starting at 5 days of effort
- Exploitation, pivoting to other in-scope systems, and data exfiltration in scope
- Special care taken against OT systems due to sensitive TCP/IP stacks
- Executive debrief conference provided, if desired
- Optional re-test to validate remediation
- All Raxis tests are based on the MITRE ATT&CK penetration testing framework
- Meets or exceeds requirements for NIST 800-53, NIST 800-171/CMMC, PCI, HIPAA, GLBA, ISO 27001, and SOX compliance
- Available as a one-time service, multi-year agreement, or continuous monitoring/Penetration Testing as a Service
- Self-managed testing via the Raxis One portal