Client Background
Carlsberg Group is one of the leading brewery groups worldwide. Over 40,000 people work for Carlsberg, and its products are sold in more than 150 markets worldwide.
Carlsberg Ukraine includes breweries in Kyiv, Zaporizhzhia and Lviv. The portfolio includes beer, alcoholic and non-alcoholic beverages of brands as Lvivske, Robert Doms, Carlsberg, Tuborg, Kronenbourg 1664, Arsenal, Kvas Taras, Somersby, Guinness, Seth&Riley’s Garage, Warsteiner, Grimbergen etc.
Project trigger
Firstly, for prevention purposes, and secondly, to comply with the parent company’s requirements and internal cybersecurity policies.
Since the initial development of corporate IT decades ago, Carlsberg has continuously invested in protecting its IT infrastructure, including through independent and regular pentesting.
Solution
XRAY CyberSecurity has conducted many penetration testing assessments over 10 years of business relationship, including External Pentest, Internal Pentest, Wi-Fi Pentest, and Social Engineering.
Pentests were carried out against a variety of IT systems located in different Customer`s locations and modeling different attackers, including Blackbox, Graybox tests.
Methodologies
Our pentesting methodology is based on leading standards like PTES, NIST SP 800-115, OSSTMM, OWASP and improved by our own 15 years of experience.
Tools used
During pentesting, a full set of common pentester tools was used, but the main key to success was manual analysis, interconnecting individual vulnerabilities exploitation results to escalate privileges and demonstrate practical IT-infrastructure compromise.
Results
Based on each penetration testing project’s results, in addition to the Technical and Executive reports, an Action plan was developed with the Customer’s team to prioritize tasks to improve protection level, considering the company’s available human and financial resources.
The final re-tests confirmed the quality and timeliness of implemented vulnerability fixes.
