Cybersecurity
Mizuho banking enhances their cybersecurity defences with Pentera and Appurity
Our client
Mizuho in EMEA is an integral part of the Japan-based Mizuho Financial Group, Inc. Mizuho Financial Group is one of the largest financial institutions in the world, offering comprehensive financial and strategic services through its subsidiaries. The group has over 900 offices and 60,000 employees worldwide in nearly 40 countries throughout the Americas, EMEA, and Asia. Mizuho EMEA’s client base includes leading corporations, financial institutions and state-owned entities. It is a strategic financial partner with a focused objective of helping their clients to connect, succeed and grow.
Background and Challenges
The financial sector operates under stringent regulations requiring robust cybersecurity measures to maintain high customer trust and fulfil compliance obligations. In an era of escalating cyber threats, it is crucial for banks and financial services providers to continuously assess their security posture. In doing so, these organisations can understand potential threats, identify vulnerabilities, and maintain complete visibility over their attack surface. Mizuho’s corporate banking operations in London needed a way to measure and enhance their cybersecurity defences as threats evolve and become increasingly sophisticated.
“The Pentera platform has empowered us with unprecedented visibility into our cybersecurity stance, and allows us to continuously validate our security defences – something we couldn’t easily do with traditional penetration testing. It enables us to make proactive improvements to our cyber resilience through focused remediations, helping to keep us ahead of potential adversaries. We have relied on Appurity for many years to assist with our endpoint device security and management, so turning to them for this continuous testing solution was a natural progression in our longstanding partnership.”
Richard Perry, Managing Director, Information Technology, Mizuho EMEA
Solution
To address these complex cybersecurity challenges, Appurity worked with Mizuho in London to implement Pentera, an Automated Security Validation platform. Pentera’s comprehensive platform automates testing and provides ongoing visibility into the bank’s security posture. The solution includes several key components:
Pentera Surface
The Pentera Surface component of the solution provides a powerful mechanism for external security validation. It continuously maps the bank’s external attack surface, and allows Mizuho to actively track and update its web-facing assets and to see these assets as a potential adversary would. This enables the Mizuho team in London to focus their remediation efforts on the most exploitable security gaps.
Pentera Core
With Pentera Core, Mizuho in London has access to comprehensive reporting and analysis tools that provide detailed management reports crucial for understanding the bank’s security posture. These reports help in diagnosing and disrupting potential attack paths, aligned with the MITRE ATT&CK® framework.
Ransomware Resilience
Mizuho in London can now test its defences against actual ransomware scenarios that mirror real-world attacks, including LockBit, Conti, Maze, and rEvil. This testing is more exhaustive and reflective of actual threats than traditional pen-testing, which only provides a snapshot of security. This continuous testing aims to outpace the evolving nature of cyber threats, providing the bank with a realistic assessment of its readiness against ransomware threats.
Vulnerability Prioritisation
Mizuho in London can identify and focus on the most critical vulnerabilities that pose the greatest risk to its infrastructure. By providing a prioritised list of security weaknesses based on their exploitability and potential damage to the bank, Pentera enables focused remediation efforts. This not only optimises resource allocation but also enhances the effectiveness of Mizuho’s cybersecurity measures by fixing the most pressing gaps first.
Credential Exposure
By leveraging real-world compromised credential intelligence and simulating attacks in a safe, controlled environment, Pentera allows Mizuho in London to validate and remediate vulnerabilities across its entire attack surface – including internal networks and external exposures. This comprehensive testing helps identify active, exploitable credentials, enabling quick, targeted remediation actions. Through continuous monitoring and testing, Pentera ensures that the bank’s credentials do not become a liability, thereby maintaining the integrity and security of the institution’s data and systems.
“Our collaboration with Mizuho in London showcases the power of continuous validation in today’s threat landscape. Through Pentera’s Automated Security Validation platform, Mizuho gains more than just a snapshot of their security posture. This ensures that the bank remains resilient against both current and future cybersecurity challenges.”
Steve Whiter, Director, Appurity
Implementation
The implementation of the Pentera platform was strategically planned and executed to ensure minimal disruption to existing operations. The bank worked closely with Appurity, leveraging a longstanding partnership based on previous collaborations on endpoint device security and management. Appurity’s approach allowed for careful integration of Pentera’s capabilities into their existing infrastructure and framework, and the solution was up-and-running within a few weeks.
Outcomes
The introduction of Pentera’s Automated Security Validation platform has significantly enhanced the bank’s cybersecurity capabilities. It has enabled:
- Improved Security Posture: Continuous testing and real-time insights into the bank’s vulnerability to sophisticated cyber attacks.
- Proactive Defence Mechanisms: Advanced preparation and response strategies for potential ransomware attacks and credential exposures.
- Actionable Insights: Detailed reports that guide the remediation processes and improve the overall security infrastructure.