CASE STUDY

UnderDefense Pentesters Saved the Client over $2M per Day by Detecting Critical & Medium Vulnerabilities on Time

Key Results

372

Vulnerabilities discovered

$2,591,780

Expected daily losses in case of business interruption

Background

Our client is a global enterprise and a leader in the art supply industry, offering a diverse range of related products. They have expanded their market presence through strategic acquisitions of iconic brands.

The Challenge

Being a multinational manufacturing conglomerate, our client faced several pressing challenges regarding cybersecurity, including the following:
  • Vulnerability: The manufacturing industry was in the top 5 victim industries, according to Verizon’s 2023 Data Breach Investigations Report. The industry experienced 1814 incidents and 259 confirmed data breaches globally, and in 96% of cases the attackers were financially motivated. All of that raised significant concerns for our client.
  • Decentralized network: The size of this distributed network, which encompassed around 600,000 hosts and servers, became an issue in its own right: every one of those 600,000 hosts is a potential entry point for an attacker.
  • Legacy: The client had acquired numerous multinational manufacturing companies, each with its own tech stack and often outdated technologies. Despite efforts to consolidate these networks into one comprehensive system, there was a severe lack of visibility and documentation. This led to situations where administrators had little to no knowledge about specific subnets.
  • Impact on employee performance: While the network challenges didn’t directly affect core business processes, they did reduce employee productivity. Slow or disrupted connections within the internal network frustrated employees and prevented them from working efficiently. Fear of potential attacks by ransomware groups and advanced persistent threats (APTs) loomed due to the lack of network visibility and monitoring.
With these issues at the forefront, the client started looking for a pentest company. First, they wanted to understand the threats and attacks targeting their systems, so they needed adversary simulation. Additionally, they considered vulnerability assessment to proactively identify weaknesses within their network and systems to address potential security gaps.

About the client

Headquarters:

Heathrow, Florida, USA
Industry:

Art materials

Project Duration:
5 weeks
Technologies and Tools:
VMware, Windows AD / Azure AD, SAP, Kaspersky, ManageEngine ADManager
Company Size:

7000+ employees
170,000+ IP addresses

Annual Revenue:
$3.25 billion (2022)

The Solution

The client initially reviewed several penetration testing providers, exploring options to enhance their cybersecurity posture. The decision to partner with UnderDefense was based on a comprehensive evaluation of the company’s reputation and numerous customer reviews on independent platforms.
UnderDefense’s primary goal within this project was to provide the customer with an insight into the current security level of their network. We began by focusing on the client’s primary need: penetration testing of external and internal network perimeters. We identified the client’s main pain points through a series of technical pre-sales calls. Also, we created a comprehensive security roadmap to guide further security enhancements. Our team communicated clearly with the client and oversaw general network pentest activities. We conducted specialized testing, such as SAP and Active Directory assessments.
We completed the gray-box penetration test against a list of specific objectives; for each objective, the problems it revealed are listed below:

Objective: Detecting potential risks, particularly the risk of a ransomware attack
Revealed problems:
  • Critical severity risk caused by multiple outdated IT systems

Objective: Identifying network-based threats and vulnerabilities in the Active Directory
Revealed problems:
  • Critical security controls were not in place to meet best practices and protect the organization from fast-moving malware attacks

Objective: Checking for cyber hygiene
Revealed problems:
  • Lack of regular patching and updates
  • Weak authentication and access controls
  • Lack of regular security monitoring and auditing
  • Network segmentation based on Zero Trust principles was not in place

Objective: Comparing the customer’s security measures to industry best practices
Revealed problems:
  • Ineffective Incident Response plan
  • Lack of continuous Threat Hunting & Threat Intelligence monitoring
Given the specifics of the client’s network, there was a real risk of disrupting network activity during certain tests. Fortunately, our team’s meticulous planning and agile problem-solving abilities allowed us to prevent such situations.

Scope and timeframe

Testing and verification were conducted remotely over a 5-week period. The project’s scope was limited to the internal network, and the tests were carried out using a production version of the network. All other servers were considered out of scope.

Scope and description:
  • Internal/external network scope: Active Directory, internal network servers including SAP systems
  • Network devices scope: L2/L3 network devices
  • Wi-Fi testing scope: Wi-Fi networks (6 SSIDs)
  • SAP testing: SAP NetWeaver application, SAP J2EE engine, SAP SOAP API, SAP main database

Findings overview

Our assessment revealed 72 critical and high vulnerabilities within the client’s network infrastructure that required immediate attention and remediation. They posed significant risks to the organization’s defense and could potentially lead to data breaches and other security incidents.
The following infographic illustrates the vulnerabilities discovered, along with their severity levels:

Business risks

To illustrate the potential damage resulting from data breaches, we typically go one step further and quantify business risk. Considering the client’s revenue of $751.6 million in 2022, our calculations show that the risk associated with business interruption amounts to $2,591,780 per day in direct losses, equating to $107,000 per hour within a 24-hour timeframe.
The table below outlines the various business risks linked to data breaches:

Outcomes

Our partnership with the client yielded significant results in addressing their original challenges. We have provided recommendations that the client can implement to mitigate vulnerabilities and adhere to industry best practices.

Network visibility and control

We have provided a comprehensive view of the client’s network, shedding light on previously unclear aspects. This has allowed them to understand the network’s vulnerabilities better, improving security and control over business processes.

Effective Incident Response plan

Based on the penetration test findings, the business has successfully developed and maintained an incident response plan tailored to its specific vulnerabilities and threat landscape. It encompasses well-defined roles and responsibilities, streamlined communication protocols, and a strategic framework for mitigating and recovering from security incidents. Regular updates ensure that the plan remains responsive to evolving threats identified through the penetration test and adapts to changes in the organizational environment.

Cost-efficiency

Identifying vulnerabilities and potential entry points for attackers translates into fortified defenses for the client, contributing to their cost-effectiveness. The client has not only received a comprehensive assessment of potential financial losses from cyberattacks but also gained proactive measures to mitigate these risks. In the event of a cybersecurity breach, our strategic approach minimizes financial setbacks related to theft, fraudulent activities, or expenses associated with incident resolution. This includes mitigating fines, legal fees, compensation, and indirect repercussions such as reputational damage, loss of customer trust, and revenue.

Enhanced cybersecurity measures

To improve the security of critical endpoints and servers, the client has adopted the following recommendations:
  • Deployed EDR tools for immediate threat protection on critical endpoints and servers.
  • Introduced multi-factor authentication and robust password policies, including complexity requirements, length, expiration, and history.
  • Prioritized system patching based on vulnerability findings, with compensating controls for cases where patching is not feasible.
  • Subscribed to threat intelligence feeds for early detection of compromised emails/accounts and dark web exposure of critical data.
  • Conducted remediation testing of the internal network.
  • Initiated biannual penetration tests, including social engineering, to ensure proper security thresholds.
  • Established a security awareness program to educate employees and foster a security-conscious culture within the organization.
Looking ahead, we plan to continue our partnership by implementing a Managed Detection and Response (MDR) solution for proactive threat management. Our ongoing support and readiness to assist with the client’s cybersecurity needs remain steadfast should they decide to move forward with further enhancements to their security posture.