The organization is a privately held real estate investment and financial services firm focused on acquiring, developing, and building relationships with housing, leaders, and organizations. It works with several businesses and enterprises, offering services such as mutual funds, sales, leasing, property management, construction management, development, and loan servicing. The organization has empowered more than 2,200 investors through proprietary systems and membership platforms and impacted over 800,000 lives.
Hybrid work environments, increased cloud adaptability, malware exploits, and innovative phishing attacks have brought new challenges. The organization has extensive business divisions with more than $4 billion worth of assets under management. To uphold its business reputation as one of the ‘Fastest growing companies’, the organization needed to test its product suite’s resilience as early as the development stage.
The organization's execution system strived to help small and mid-sized entrepreneurs scale their businesses in an organized and measurable manner. In addition to helping its customers grow by 10X and delivering the ‘WOW’ experience to them, the firm looked for visibility on its security weaknesses and sought guidance to address them.
With over 40% of cyberattacks targeted at SMBs, the real estate investment and financial services firm sought a robust framework to rigorously assess its network infrastructure while maintaining the uptime of all critical services and patching vulnerabilities before external threats could interrupt those services. Additionally, the organization needed a solution that ensured the web portal was safe for customer transactions and uploading personal information.
The organization invested in Vulnerability Assessment and Penetration Testing (VAPT) to understand and resolve its system vulnerabilities. The organization already had a risk management program in place wherein the security team would focus on identifying the current level of risk.
The organization partnered with Trigent to augment its QA capabilities and find a solution that met the expected growth and security needs of the organization. Trigent’s QA experts recommended a full-scope VAPT strategy. The team developed an optimized QA testing strategy for automated and manual hacker-perspective assessment, using open-source tools and manual methods to penetrate e-reader software and identify security breach gaps. Furthermore, Trigent's team performed Dynamic Application Security Testing (DAST) of web pages and categories based on several compliance standards such as the Open Web Application Security Project (OWASP) Top 10 and the SysAdmin, Audit, Network, and Security (SANS) Top 25.
Trigent enabled the organization to identify and perform all the necessary security testing, such as:
The robust security testing framework further ensured proactive detection and assessment of vulnerabilities and threats, managed security audit reports, and prioritized action plan reports of security-related recommendations.
The robust, persona-based VAPT not only helped the organization to meet regulatory and compliance requirements but also enabled it: