
Client Success Story

ICS-Aware Penetration Testing for a Global Industrial IoT Provider

An IIoT provider serving 52,000+ customers and handling 39+ billion data readings ran on industrial control protocols that standard penetration tests routinely miss. InterSec built ICS-aware testing that surfaced critical vulnerabilities and cut major exploitable flaws by 90 percent.

Penetration Testing | Commercial | Completed
90% reduction in major exploitable flaws
Deep, ICS-aware testing across sensors, gateways, and protocols a standard scan passes over.
Critical vulnerabilities found before they could be exploited
Device security strengthened across 52,000+ customers
Remediation steps and knowledge transferred so the gains hold
Client: Global IIoT provider (since 2010)
Sector: Commercial
Scale: 52,000+ customers; 2,000+ device SKUs
Headline Result: 90% fewer major exploitable flaws
01

The Challenge

Securing a large inventory of devices, many running specialized industrial control protocols, demanded an approach that went deeper than a typical penetration test. The intricacies of ICS channels are exactly what conventional scanning overlooks, and missing them could disrupt critical data flows.

Expansive attack surface
Thousands of devices spread across diverse environments.
ICS protocol complexity
Standard tooling passes over specialized industrial channels.
High-value operational data
Reliability and uptime could not be sacrificed for the test.
02

The Approach

InterSec drew on deep ICS expertise to tailor the testing to these protocols rather than running a generic assessment. Three choices shaped the work.

01
Build custom ICS scenarios
Target Modbus, DNP3, and RS-232 directly rather than relying on generic scans.
02
Prioritize by risk
Start with the devices carrying the highest operational impact.
03
Coordinate to minimize downtime
Work closely with the client's IT and DevOps teams so live operations keep running during testing.
03

The Solution in Practice

InterSec stood up a specialized testing lab that emulated real industrial conditions, so threats could be simulated accurately without putting production devices at risk. Within that environment the team probed hardware, firmware, and network flows for the weaknesses an attacker would look for, going past surface scanning into the components themselves. The engagement did not end at a findings list: InterSec delivered detailed remediation steps and ICS security practices, transferring the knowledge the client's teams needed to sustain the improvements.

Mirroring real industrial conditions in a lab let the testing go deep without risking the uptime customers depend on.

04

Results & Impact

The deep-dive approach surfaced critical vulnerabilities before they could be exploited, protecting the data streams that tens of thousands of customers rely on.

Major exploitable flaws were reduced by 90% through focused remediation.
Device security was strengthened across the base of 52,000+ customers.
The work demonstrated a clear commitment to safety and reliability in a competitive IIoT market.
05

Key Takeaways

Generic penetration testing misses ICS
Industrial protocols like Modbus, DNP3, and RS-232 need test scenarios built for them, or their vulnerabilities go undetected.
Lab emulation protects production
Mirroring real industrial conditions lets testing go deep without risking the uptime customers depend on.
Prioritize by operational impact
With thousands of devices in scope, testing the highest-impact ones first turns an unbounded surface into a focused plan.
A test is only as useful as its remediation
Detailed fix steps and knowledge transfer are what convert findings into a durable security gain.
Capabilities Demonstrated
ICS & IoT Penetration Testing
Industrial Control Protocol Expertise (Modbus, DNP3, RS-232)
Lab-Based Hardware & Firmware Analysis
Risk-Based Vulnerability Prioritization
Downtime Minimization

Working With InterSec

If your devices speak industrial protocols, a standard test misses what matters most.

InterSec builds ICS-aware testing that finds the flaws conventional scans pass over, then hands your team the fixes. Let's scope an engagement.