Certus Enhances Cybersecurity Through Comprehensive Penetration Testing With A-LIGN
Certus is a leading provider of online training and certification solutions for individuals and organizations across various industries. Given its large customer base and valuable intellectual property, the company prioritizes robust cybersecurity to safeguard assets and maintain customer trust.
As part of their ongoing commitment to security, Certus engaged A-LIGN to perform a comprehensive penetration testing assessment. Certus sought to proactively identify vulnerabilities within its network infrastructure and applications that could be exploited by malicious actors. A-LIGN’s penetration testing simulated real-world attack scenarios, evaluated existing security controls, and provided actionable recommendations to strengthen Certus’ cybersecurity posture. By identifying and mitigating potential weaknesses, Certus can now fortify its defenses, maintain customer confidence, and protect sensitive data from unauthorized access.
The Challenge for Certus’ Cybersecurity Infrastructure
Certus proactively sought a partner for comprehensive penetration testing to ensure they maintained the highest levels of cybersecurity. The key reasons for this engagement included:
- Evolving Threat Landscape: Certus operates in an industry susceptible to targeted attacks, as cybercriminals seek to gain unauthorized access to systems and exploit vulnerabilities for financial gain.
- Regulatory Compliance: The organization is subject to stringent regulatory requirements concerning the security and protection of customer data. Compliance failures could result in severe penalties and damage its reputation.
- Protection of Customer Trust: Safeguarding customer trust is paramount to Certus’ success. Any compromise of customer data or unauthorized access could erode confidence and loyalty, leading to customer attrition.
A-LIGN’s Penetration Testing Methodology and Approach
A-LIGN’s penetration testing engagement followed a systematic and comprehensive approach, incorporating both external and internal testing methodologies utilizing the NIST and PTES frameworks.
Planning and Scoping
The engagement began with defining its scope, including target systems, applications, and testing restrictions. The A-LIGN team conducted thorough reconnaissance to gather intelligence on Certus’ digital footprint and potential attack vectors.
Threat Modeling
A-LIGN analyzed Certus’ infrastructure and identified potential threats and vulnerabilities based on industry best practices and threat intelligence. The team then developed attack scenarios and mapped them to potential business impacts to prioritize testing efforts.
Vulnerability Identification
To identify known vulnerabilities in Certus’ network and applications, A-LIGN utilized scanning tools and conducted manual testing, including network penetration testing and web application penetration testing. Then, the A-LIGN team explored various attack vectors, such as injection attacks, misconfigurations, and weak authentication mechanisms.
Exploitation and Post-Exploitation
Once vulnerabilities were identified, A-LIGN was able to gain unauthorized access to target systems and applications and assess the effectiveness of existing security controls, such as firewalls, intrusion detection systems, and access controls. Additionally, A-LIGN tested Certus’ incident response capabilities by simulating an attacker and evaluating the detection and response processes.
Reporting and Recommendations
At the end of the engagement, A-LIGN generated a detailed report outlining the findings, including identified vulnerabilities, their potential impact, and recommendations for remediation. The final report provided clear and actionable recommendations to enhance Certus’ security posture, including measures to strengthen network and application defenses, improve incident response capabilities, and promote a security-conscious culture.
The Value of Penetration Testing
A-LIGN’s penetration testing engagement delivered several key outcomes and benefits for Certus:
- Vulnerability Identification: The engagement successfully identified multiple vulnerabilities within Certus’ network infrastructure and applications. These findings allowed Certus to address the weaknesses before they could be exploited by malicious actors.
- Strengthened Defense: The comprehensive report and recommendations provided by A-LIGN empowered Certus to implement effective security measures and fortify its defenses against potential attacks. This resulted in an improved security posture and reduced risk of unauthorized access.
- Enhanced Incident Response: By simulating a malicious attacker, A-LIGN exercised Certus’ incident response and alerting systems.
- Regulatory Compliance: Penetration testing helped Certus meet the compliance requirements of industry regulations, ensuring the protection of customer data and avoiding potential penalties.
- Enhanced Customer Trust: By proactively assessing and strengthening their cybersecurity defenses, Certus demonstrated commitment to safeguarding customer data and maintaining trust. This resulted in increased customer confidence and loyalty.
Penetration testing plays a pivotal role in organizations’ efforts to fortify their cybersecurity defenses. By identifying vulnerabilities, assessing security controls, and enhancing incident response capabilities, organizations like Certus can effectively mitigate risks, comply with regulatory requirements, and maintain the trust of their customers. Regular and comprehensive penetration testing is an essential component of a robust cybersecurity program in today’s threat landscape.
About Certus
Certus is a leading professional training and certification platform that provides content, simulations and compliance solutions for regulated end-markets through its suite of brands and companies. Its best-in-class technology platform and content library enable enterprises, learners, professionals and government entities to get from where they are to where they want to be.