Use Case
29.Jul.2021

Cyber power systems strengthens the cybersecurity confidence of its PowerPanel Cloud service through CREST penetration test

Share:
With the advent of the digital economy, Product-as-a-Service has become a key way for manufacturers to innovate and transform. To meet this trend, Cyber Power Systems, Inc. which has designed, produced, and sold power protection products under the brand CyberPower for many years, launched the PowerPanel Cloud solution in June 2020. The new solution enables users to monitor and manage their own CyberPower Uninterruptible Power Systems (CyberPower UPS systems) anytime, anywhere. Lin Yongxiang, senior manager of the software department of Cyber Power Systems, summarized several advantages of PowerPanel Cloud, including support for 24-hour global use, real time alarms, a user-friendly interface, etc.

In addition, it is suitable for all high, middle, and low-grade CyberPower UPS systems and has high security. In order to prove that it has reached a certain level of cybersecurity, Cyber Power Systems has set high-standard testing requirements. Referring to the list of qualified vendors for penetration testing announced by the world-renowned CREST organization, the company entrusted Onward Security, the only recognized company in Taiwan, to conduct a complete inspection of PowerPanel Cloud in accordance with international standards.
Cyber power systems strengthens the cybersecurity confidence of its PowerPanel cloud service through CREST penetration test

Industry-standard and enterprise-trusted penetration testing

Lin Yongxiang said that UPS as a backup power infrastructure is mostly used to protect important devices such as network equipment and database hosts to ensure that key services are not interrupted. Obviously, its importance cannot be overemphasized. Therefore, the PowerPanel Cloud service for remote monitoring and management of UPS must have the highest level of security in order to effectively avoid hacker intrusion and prevent the power structure of the user from being improperly controlled or damaged.

"Cyber Power Systems has always attached great importance to cybersecurity, and we require ourselves to test PowerPanel Cloud with the highest standards," said Lin Yongxiang. The company previously conducted penetration tests on PowerPanel Cloud with the assistance of an external consulting company. However, the consulting company conducted testing according to its own specifications and experience rather than any industry standard. After the test, Cyber Power Systems strengthened the security design according to the modification suggestion, but it is unable to confirm whether the product reached a trusted security level, and there is no objective third-party certification.

As a result, Cyber Power Systems continued to explore some penetration testing standards that are widely used in the world. The company learned about the CREST organization through the professional cybersecurity company - Onward Security. CREST is a non-profit international cybersecurity certification organization with 266 certified companies all over the world. And it is deeply trusted by the financial and high-tech industries. After several evaluations, Cyber Power Systems believed that passing the CREST test would improve the security and reliability of PowerPanel Cloud, so it entrusted Onward Security to perform the test. The company also expected the completion and achievement of the CREST test to increase user confidence in PowerPanel Cloud.
Onward Security is a CREST-authorized laboratory

Onward Security is a CREST-authorized laboratory
 

Professional consultant support assists in formulating the best correction plan

When Cyber Power Systems sought external assistance, it contacted a number of professional cybersecurity companies. In the end, it decided to cooperate with Onward Security, mainly based on the following reasons. First of all, Cyber Power Systems believes that its strengths are not in the field of cybersecurity, and there are many trivial matters and unconverted problems that need to be clarified. The team at Onward Security can help guide Cyber Power Systems to understand these issues through its expertise and standard procedures. Secondly, Cyber Power Systems is eager to seek international cybersecurity standard certification, but most companies fail to give specific proposals for this. Onward Security is the only company that provides a lot of valuable information, such as item-by-item briefings on the international standards available today, and detailed technical communication with Cyber Power Systems, so as to help Cyber Power Systems sort out the most suitable certification options step by step.

Furthermore, Lin Yongxiang said that after the penetration test, the Cyber Power Systems development team may need to perform correction work, and many questions may inevitably arise during the process. For such a hard task, Onward Security promised to provide professional support and help Cyber Power Systems to find the best correction way by means of consulting services. Based on these reasons, Cyber Power Systems chose to establish a cooperative relationship with Onward Security.

When Cyber Power Systems selected the CREST solution, Onward Security immediately carried out a detailed demand interview and responded quickly and accurately to any questions raised by Cyber Power Systems, helping them to speed up the formulation of the most suitable test way. Due to the heavy task of the Cyber Power Systems development team - the work of product development needs to be performed simultaneously during the period, the test schedule has been adjusted many times, but Onward Security fully cooperates. It makes Lin Yongxiang deeply applaud the professional strength and service of Onward Security.

After the preliminary test was completed in February this year, Onward Security submitted a complete report, and listed security enhancement suggestions at different levels (high, medium, and low) according to the urgency of the problem. Next, Cyber Power Systems held an internal discussion to discuss various challenges that may be encountered during the revision process and repeatedly consulted with Onward Security about whether there is a less time-consuming and resource-saving approach that can still achieve the same cybersecurity enhancement effect. The final revision was determined after back-and-forth discussions. After completing the correction, Cyber Power Systems obtained a penetration test report with the CREST mark, which also means that PowerPanel Cloud products have international-class cybersecurity quality.

Cyber Power Systems has sales offices in Europe, America, Asia, Australia, and other places, and has also achieved good sales results in North America, France, Germany, Russia, and other markets. Since the customer base is scattered in various places, it is not appropriate to evaluate the cybersecurity protection of PowerPanel Cloud only based on the local experience of individual consulting companies. Cyber Power Systems, therefore, sought high-standard international-level CREST penetration testing and entrusted Onward Security to perform rigorous cybersecurity testing. It looks forward to obtaining the most complete certification to confirm that its products are secure and reliable so that customers can use the PowerPanel Cloud service with confidence.
PowerPanel Cloud product successfully passed the CREST penetration test
PowerPanel Cloud product successfully passed the CREST penetration test

 

Inquiry

Contact Us
Thank you for visiting us. Please leave your contact information, and we will reply you as soon as we can.
  • Onward Security is committed to your privacy. Your information won't be shared with third parties and is used to contact you about relevant content. You may unsubscribe at any time. For more info, please read our Privacy Policy. By clicking below submit button, you consent to allow Onward Security to store and process the personal information submitted above to provide you the content requested.

Why Onward Security

In-depth Cybersecurity Techniques+

  • Uncovered 40+ zero-day vulnerabilities (CVE)
  • Discovered 3000+ IoT product vulnerabilities

Dedicated to IoT Product Security+

  • 150+ cybersecurity projects in IoT industry
  • Tested 700+ IoT product security

Global Compliance and Certification Capability+

  • 300+ customers / 10+ countries certification obtained
  • Compliance experience in IIoT, medical, automotive, BFSI, and consumer IoT industry
Subscribe to Newsletter:

Verification

Click the numbers in sequence.

WeChat
This site uses cookies to improve your experience and to provide content customized specifically to your interests. By continuing to browse our site without changing your cookie settings (click the Privacy Policy button for more info), or by clicking the Continue button, you hereby acknowledge and agree to our privacy policy and use of cookies.