To ensure its real-time AI platform could withstand sophisticated threats, a global SaaS company partnered with Bishop Fox for its first full red team assessment. Ensuring the security of this infrastructure is essential not only to customer trust, but also to public safety.
As a leading U.S. energy provider, Bishop Fox’s customer is responsible for critical infrastructure across multiple states and millions of customers. Operating in sectors including natural gas, nuclear, coal, and renewables, the company is a vital link in the nation’s energy chain, playing a critical role in everyday life—and relies on Bishop Fox’s Attack Surface Management managed service to help protect its public-facing infrastructure.
The Fortune 500 U.S. energy company delivers electricity and utilities to millions of homes and businesses through a network of subsidiaries. It operates some of the country’s most vital infrastructure, from transmission grids and gas pipelines to power plants and control systems, making cybersecurity a matter of public safety.
With nation-state actors routinely probing for weaknesses and regulatory frameworks tightening, the company’s offensive security team plays a crucial role in keeping services reliable and communities safe. Their job isn’t just to respond to threats; it’s to spot vulnerabilities before they become problems and build systems resilient enough to withstand constant pressure.
“We’re in critical infrastructure, with malicious nation-state actors knocking on the door every day. It’s quite scary.”
— Security Engineer
Since 2020, the team has relied on Bishop Fox’s Attack Surface Management managed service to track its external perimeter, uncover shadow assets, and validate vulnerabilities with confidence. What started as a way to build a better asset inventory has grown into a foundational layer in the company’s broader security strategy, helping them respond faster, plan smarter, and stay ahead of modern attackers.
“My job is to make sure when customers come home, their lights turn on, their fridge stays cold, and the heating works. We take these things for granted, but civilization would break down very quickly without them.”
— Security Engineer
Like many organizations protecting critical infrastructure, the energy provider sought comprehensive visibility into its external attack surface. But with multiple operating companies across several states and a wide range of technologies in use, gaining a complete inventory of internet-facing assets was a significant challenge.
The company’s small but growing offensive security team needed a solution that would provide a reliable view of their external perimeter and how it could potentially be attacked. This was especially crucial given the heavily regulated nature of energy utilities, with requirements from the National Electric Reliability Council’s (NERC) Critical Infrastructure Protection (CIP) standards and Transportation Security Administration (TSA) security directives mandating rigorous security controls.
Meeting these obligations while continuing to protect customers and maintain reliable service required more than manual processes or reactive scans. They needed continuous, validated insight into their perimeter.
“We really needed to build a solid asset inventory and be able to identify vulnerabilities and exploits through the techniques that attackers use.”
— Security Engineer
The energy company selected Bishop Fox’s fully managed service for Attack Surface Management as its first dedicated investment for tracking externally facing systems and vulnerabilities. What began as a technical implementation quickly evolved into a trusted partnership, with the Bishop Fox team becoming advisors in the utility’s growing security program over the last five years.
“The service works really well, and the Bishop Fox team has always taken care of us. We’ve never had a reason to look elsewhere.”
— Security Engineer
The company considers the service a cornerstone of its proactive security strategy, relying on Bishop Fox to continuously discover its external attack surface, identify exposures, and alert them to highly exploitable emerging threats. Unlike a tool, the service is delivered by tech-enabled security experts who validate asset ownership, as well as verify the exploitability and business impact of all exposures. As a result, the team can act confidently on real findings and avoid alert fatigue.
“Bishop Fox’s constant effort to maintain testing for both old and newly identified exploits stands out. Every day new vulnerabilities and threats come out, so having a development team dedicated to creating that testing is invaluable.”
— Security Engineer
Support from Bishop Fox has been consistently hands-on. From ad hoc requests to strategic reviews, the team’s responsiveness and expertise have helped maintain momentum and secure ongoing stakeholder buy-in. In addition to real-time, detailed findings and dashboarding in the Bishop Fox portal, quarterly service reviews provide internal leaders strategic guidance and additional context they can communicate to their executive leadership team.
“No news is good news, but it’s easy to forget that. The service reviews help shine a light on everything happening in the background, all the work that’s usually invisible.”
— Security Engineer
The Bishop Fox managed service has delivered high-impact results across both daily operations and critical response scenarios. It gives the security team a real-time view of its external perimeter, enabling them to maintain a trustworthy asset inventory and respond quickly to new threats.
Even in the absence of major incidents, the service provides daily value by maintaining a real-time view of exposures, surfacing new assets, and reducing the manual effort required to answer asset-related questions from internal teams.
That value became especially evident in October 2024 when Bishop Fox detected and immediately flagged a critical vulnerability in one of the company’s operational monitoring systems: an exposure that, if left unaddressed, could have posed serious risk to infrastructure reliability.
“Without Cosmos, we wouldn’t have easily found that vulnerability, which increases the odds someone else would have. Cosmos gave us what we needed to act fast.”
— Security Engineer
Drawing on the detailed findings published in the portal, the team quickly assessed the scope of the issue and looped in Bishop Fox for additional analysis and validation. With both internal stakeholders and Bishop Fox testers collaborating in real time, the team was able to identify the root cause and initiate a remediation plan, all within just three hours of initial detection.
This rapid, coordinated response neutralized a potentially high-impact threat before it could be exploited.
“Bishop Fox gives us the best view of our perimeter: what’s externally facing, how it could be attacked, and how to maintain a reliable asset inventory. It is rigorous in validating any findings.”
— Security Engineer
“We got the alert, pulled the report, spun up a tiger team, and brought in Bishop Fox within the hour for deeper support. Within three hours, we’d identified the issue and put a solution in motion.”
— Security Engineer
In today’s constantly evolving threat landscape, visibility, speed, and trust are essential. For this Fortune 500 energy provider, Bishop Fox’s managed service delivers exactly that by providing continuous monitoring, expert validation, and responsive collaboration to strengthen security across its external perimeter.
Whether navigating a real-time security incident or planning long-term improvements, the team operates with confidence, backed by a partner that helps turn insight into action. This case proves that with the right team and support, proactive defense isn’t just achievable, it’s transformative.