Cyprus-based cyber security company Epsco-Ra has launched a new penetration testing service for the maritime sector, to assist vessel operators in highlighting vulnerable areas in a ship’s networks and recommend action to deal with any issues discovered.
Known as RASP (Rapid Attack Simulation PenTest), the company says that the process takes about 24 hours to produce a full report with quantitative scoring, threat matrix, endpoint configuration analysis, firewall and network assessments as well as malware and command and control simulation.
“The beauty of the system is that it is carried out remotely and is based on the observation we have made that people spend a lot of money on pen testing before they have their core controls optimised or are even off their system’s default settings. So, we said let’s test those first and give the whole process a lot of value,” said Andreas Ioannou, Managing Director of Epsco-Ra.
“So, when you execute a RASP you download it from us and we work with someone on board and start to test how well your firewall functions and how well it is configured. We test the anti-virus software to see how up to date and functional it is and then we do a vulnerability assessment scan on the bridge network.”
“With all that data we can assess how well the vulnerability management process is doing. How is your configuration management doing? How is your core control configuration doing? And then we wrap that up into a quantitative score and outline where you can improve, what areas you performed well in and areas not so.”