S2W said on the 6th that it will expand its Cyber Threat Intelligence (CTI)-based "penetration testing" business.
As the adoption of cloud and SaaS (software as a service) has recently increased, corporations' IT environments have become more complex, and it has become difficult to identify security vulnerabilities with regular inspections alone. In fact, many security incidents were found to stem from basic causes such as already known vulnerabilities or configuration errors.
S2W operates a penetration testing service that combines digital risk protection (DRP), attack surface management (ASM), and threat intelligence (TI) so corporations can continuously inspect their attack surface. It identifies vulnerabilities in systems and checks the level of security response based on real-world attack scenarios.
It also presents vulnerabilities and response measures that should be prepared for from the attacker's tactics, techniques and procedures (TTP) perspective, and includes in the scope of inspection the possibility of attacks using accounts leaked on the dark web.
S2W plans to broaden the scope of penetration testing beyond finance and information and communications to industrial control (OT) and supply chains.
Yang Jong-heon, head of S2W's Offensive Research Team, said, "Penetration testing is the process of verifying the real exploitability of vulnerabilities detected by automated scanning and setting priorities," and added, "The goal is to help corporations identify practical risk factors and strengthen their response framework."