top of page

Case Study: Automated Penetration Testing

msg.gg

The Medical Specialist Group (MSG) in Guernsey, provide high-quality specialist health services to the community.


Interview with Marc Le Page
IT & Premises Manager
November 2024


 


  • Why did The Medical Specialist Group choose an automated networking penetration solution?

    • Like many businesses we were doing annual penetration testing using traditional cyber security companies. We only did annual testing because it is quite expensive, and you have to wait for weeks sometimes for the results, and when they do arrive, they are already out of date.

    • Now we partner with Baltimore for the vPenTest solution by Vonahi, and 3 months in, we couldn’t be happier.


  • What is different about the automated solution, compared to the traditional approach?

    • We now schedule monthly external and internal network penetration tests. As an IT department it gives us real-time visibility and control. From the first set of tests, the unknown became known to us, and we were able to begin remediation right away. It was fantastic, not only did vPenTest identify the issues, but it also told us how it found them and how to fix them. A few days after the tests have completed, we also receive CREST accredited human validated reports from Vonahi. There are several reports and supporting data, but the team like the Technical Report that prioritises the issues that helps us to focus on what is critical first. I personally, like the Executive Summary Report as it is pitched at a level that I can share with the board without having to spend time trying to explain technical terminology to largely non-technical executives. This frees up time for the remediation activity. Once we have made changes, we can then retest to see how we did.


  • Were there any unexpected benefits?

    • Yes, there were quite a few. Somethings you just can’t fix right away, as the vulnerability may be due to legacy equipment or software, that as a business we still depend upon, and replacing them requires careful planning and budgeting. For those issues vPenTest enabled us to assess and manage our cyber risk in a pragmatic way. Those that posed a real threat were dealt with immediately, whereas those less likely were either mitigated with workaround solutions or risk accepted, and closely monitored.

    • Additionally, there are some purchasing decisions that we will make differently in future. We have discovered that certain manufacturers don’t give the consideration to cyber security that MSG now expect. I won’t name them, but I would offer this advice to anyone asking; if a device can connect to a network, it can be connected to, and as you must be able to control who can connect to it and how!


  • What was your experience of the tests themselves?

    • As vPenTest is Ai driven we were very impressed at the speed in which it was able to complete the tests and deliver such comprehensive results. Additionally, it wasn’t invasive, and we didn’t notice any network performance degradation that we expected to see when we ran the internal tests during office hours.


  • What was the service like from Baltimore Limited?

    • Baltimore has provided us with a platform that has entirely changed our approach to our Cybersecurity management. We now have a level of assurance that was missing before.

    • We approached four different providers of automated solutions before choosing Baltimore. We chose Baltimore because they took the time to understand exactly what we were aiming to achieve and were able to deliver the solution effortlessly and cost effectively.

    • They frequently check in on our progress and deliver friendly and timely ongoing support.


  • Would you recommend Baltimore’s Cyber Security Assurance Services to other businesses?

    • Yes, without question.



bottom of page