The Challenge
DECTRIS, a manufacturer of cutting-edge X-ray and electron detectors, recently developed DECTRIS CLOUD, a global platform for scientists to collaborate. Considering that a single experiment can generate upwards of 50 terabytes of data, the platform aimed to streamline data management, processing, and insight generation. However, with this ambitious move into the cloud, a critical question arose: was the DECTRIS CLOUD platform secure? Recognizing the importance of data security for their users, including academic institutions and pharmaceutical companies, DECTRIS knew it needed rigorous security validation. Guaranteeing the security of their platform was not just a technical requirement, but a business imperative. As a new offering, the DECTRIS CLOUD platform had never been subjected to dedicated pentesting, leaving a potential blind spot in DECTRIS’s security posture.
The Solution
DECTRIS’s security team found the Cobalt Offensive Security Platform user-friendly, allowing them to plan and initiate a pentest efficiently. Cobalt pentesters provided real-time updates and immediate notifications of any security findings via Slack. Patrik Skuza, Cloud Engineer at DECTRIS, said: “I was particularly impressed with the speed of communication during the pentest. The constant feedback loop allowed us to understand and address potential vulnerabilities quickly.” The fast turnaround time for retests was a further advantage: DECTRIS could start a retest in as little as 24 hours, for swift validation of their remediation efforts.
The Results
The initial pentests on DECTRIS’s internal and external networks and a subsequent web application pentest uncovered vulnerabilities that the security team was previously unaware of. Patrik said: “The pentests were really insightful. They highlighted vulnerabilities in both our network and web application that we hadn’t detected ourselves. It showed us the value of having that external perspective, even after our own security checks.”
Some findings included outdated software versions and the potential for unauthorized access to resources. Notably, the web application pentest revealed a privilege escalation vulnerability, which allowed users to gain elevated privileges. Addressing these findings immediately enhanced the security of the DECTRIS CLOUD platform.
The partnership with Cobalt fostered a more security-conscious development culture within DECTRIS. The pentest results prompted a reevaluation of how to embed security deeper into their development practices. The pentests and the remediation of identified issues also gave DECTRIS a clearer understanding of their system’s architecture, including its boundaries and access controls. This knowledge aided in the creation of more effective architectural documentation.
For DECTRIS, working with a reputable global leader like Cobalt brought an invaluable sense of assurance. Patrik noted: “Knowing that Cobalt is a major player in the cybersecurity field gave us added confidence. Their reputation definitely resonates with our market and reinforces our commitment to security.”