Case Study: Bell and Howell Improves Cyber Posture with Echelon’s Unique Collaborative Approach to Pen Testing
Bell and Howell is a global provider of comprehensive manufacturing automation solutions with a complete portfolio of outsourced service offerings. Headquartered in Durham, N.C., Bell and Howell has more than 800 highly skilled field technicians, 24/7 customer service and technical support centers, as well as advanced remote monitoring and diagnostic capabilities.
As a service-focused organization, Bell and Howell invests in the tools, technology, and training to help customers increase efficiency, reduce costs, and improve their customers’ experience. Their services focus mission means they have been heavily investing in their organizational cybersecurity.
Bell and Howell partnered with Echelon Risk + Cyber to simulate an adversarial cyberattack against the organization. The goal of the program was to test the security of their systems, ensuring that they will continue to be protected from future cyberattacks and avoid any future disruption to their systems.
The Testing Process – With a Focus on Collaboration
Echelon’s team performed a multi-phased adversarial emulation exercise to evaluate Bell and Howell’s cyber resilience through realistic attack scenarios. These testing scenarios were applied using different red teaming tactics that simulated modern attack techniques, such as realistic phishing attempts and social engineering, as well as advanced on-network tactics, techniques and procedures.
The goal of these types of tests are to discover Bell and Howell’s vulnerabilities and to resolve those vulnerabilities well before any malicious actors would ever have the opportunity. The testing took approximately three weeks to complete.
Bell and Howell was able to make immediate improvements – during and after Echelon’s testing. Through on-site collaboration, Bell and Howell’s lead engineers were active in observing testing alongside Echelon team members. Step-by-step, they were able to follow along and understand how Echelon’s unique offensive security methodology helped them see security flaws clearly, and fix them immediately.
“Having our lead engineers active in observation alongside Echelon team members was a crucial part of this engagement,” Craig Overton, VP IT & Facilities at Bell and Howell said. “This allowed our team to operationalize any take-aways from the testing in real-time, significantly decreasing the time-to-value as well providing insights on mitigating advanced threats that we could implement organization-wide.”
The Outcome – Improved Security with a WFH Flavor
During a time when working from home is more common, Bell and Howell wanted to ensure that the way employees worked remotely, and accessed the network, remained secure in this environment. Echelon performed testing to determine how to improve security in that area and implemented testing scenarios to ensure that the work from home environment has been fortified.
Given their goals, there were specific areas called out by the Bell and Howell and Echelon teams as core areas of testing focus, and Echelon was able to make recommendations to strengthen these areas against attacks:
- VPN Security
- Endpoint Security
- Email Security
- Network Security
The social engineering campaigns also revealed how Bell and Howell could better fine tune their anti-phishing posture and related products against email social engineering types of attacks. An additional area of email improvement included adjusting how external emails looked to Bell and Howell employees.
Future Vision – Always Lead in Security
Bell and Howell valued the partnership with Echelon and is committed to continuing their security education and implementation. Future testing will be planned to ensure Bell and Howell is leader in security and that their customers do not experience any disruption of service related to security vulnerabilities.
“Echelon’s scope and approach to the testing, with enhanced collaboration, was unique in comparison to other vendors. Their knowledge of hacking tradecraft, internally developed toolsets, and approach to testing allowed us to find our vulnerabilities and quickly resolve them. We look at Echelon as an extension of our team now and for all future testing engagements to ensure we are always a leader in security.”
- Craig Overton, VP IT & Facilities at Bell and Howell