“Many vendors would have failed to add value in our environment – Bishop Fox didn’t. They proved they can handle bleeding-edge companies.” – Senior Director of Cybersecurity

Customer Overview

As a global SaaS company focused on risk intelligence, this Bishop Fox customer helps government agencies and Fortune 500 companies monitor real-time events, protect critical operations, and coordinate effective crisis responses.

Operating entirely in the cloud and leveraging advanced technologies like Kubernetes and containerized systems, the company has built a modern, scalable infrastructure to support rapid innovation. Ensuring the security of this infrastructure is essential not only to customer trust, but also to public safety.

The Challenge

Like many high-growth SaaS companies, the customer had built a lean but capable internal security team responsible for protecting its modern AWS-based infrastructure. While regular internal testing and traditional penetration assessments were already in place, company leadership recognized the need for deeper, more adversarial testing to ensure resilience against sophisticated threats.

The customer’s security leadership wanted to achieve the following:

• Validate the performance of both their internal security team and third-party SOC
• Uncover unknown weaknesses that a conventional pen test might miss
• Ensure that any malicious activity would trigger timely, appropriate alerts
• Identify actionable improvements to optimize security investments

“Red team assessments help ensure we’re doing our jobs effectively," says the senior director of cybersecrity. "We needed to know not only where we were vulnerable, but also if our team and our SOC would actually detect and escalate a real threat.”

The company had matured to the point where internal-only testing was no longer sufficient. In a modern environment built entirely on containers and micro-segmentation, it was essential to work with external experts who could navigate those complexities and surface meaningful insights.

"We did this to find the skeletons in the closet. This isn’t for compliance; it’s for real risk reduction." – Senior Director of Cybersecurity 

The Solution

Having previously engaged Bishop Fox for application security testing, the company turned to the firm again when they were ready for a full red team assessment.

After preliminary scoping, Bishop Fox and the customer agreed upon the following goals for the engagement:

• Perform a partial-knowledge external assessment of the customer’s systems, then transition to an assumed-breach red teaming assessment to evaluate detection and prevention capabilities
• Identify vulnerabilities that could increase the customer’s susceptibility to sensitive information disclosure, including customer and employee personally identifiable information (PII)
• Assess the feasibility of an inside attacker escalating privileges from a low-level VPN user to access internal trophy systems and compromise infrastructure

From the start, Bishop Fox stood out for its professionalism, technical expertise, and consultative approach. The engagement began with a deeper scoping session, during which Bishop Fox engineers spent hours understanding the customer’s AWS architecture, business priorities, and threat landscape. Bishop Fox's Red Team then tailored its tactics to simulate two key scenarios: both an external threat (partial-knowledge) and insider threat (assumed-breach) – focusing on real-world attack paths that could compromise critical systems.

“We wanted more than a phishing exercise. We asked Bishop Fox to test the hardest parts of our infrastructure," reflects the senior directory of cybersecurity. "They showed deep technical knowledge and weren’t intimidated by our cloud-native architecture.”

The engagement began with a partial-knowledge external assessment. During this phase, the Bishop Fox’s Red Team successfully password sprayed and compromised an employee account that did not use the client’s supplied identity provider. Through this they gained access to their customer service platform and exposed PII for over 250,000 customers and employees, along with sensitive API keys. Accounts secured with the identity provider were not compromised, and while some lockouts were later observed, the testing activity was not flagged as malicious in real time.

Next, the assessment transitioned to an assumed-breach red team engagement using VPN credentials. Red Teamers identified an internal Docker Registry Container dashboard, which, combined with several internal vulnerabilities, enabled full compromise of the customer’s internal network and root AWS account access. In a simulated container compromise, they deployed a backdoor through an unauthenticated Docker registry and, once the container was deployed via CI/CD, used it to access highly sensitive cloud storage containing private key material and application secrets.

Though internal teams had general awareness due to the partial-knowledge nature of the engagement, at no point during the assumed-breach phase did they detect Bishop Fox’s Red Team’s activities in real time.

"We didn’t just want to see if our systems would break, we wanted to know if our team would actually catch it when they did." – Senior Director of Cybersecurity 

The Results

The engagement delivered exactly what the customer needed: a rigorous, realistic evaluation of its ability to detect and respond to threats, with a roadmap to strengthen defenses moving forward.

Key outcomes included:

• Confirmation of several strong internal practices and controls.
• Identification of critical gaps in secrets management and monitoring.
• Discovery of a high-risk privilege escalation vulnerability in a key internal application.
• Actionable recommendations to improve visibility, alerting, and role-based access.
• Insights that guided budget planning and security roadmap prioritization.

“Bishop Fox gave us peace of mind and a clear direction forward," says the senior director of cybersecurity. "We walked away with practical fixes, long-term recommendations, and the confidence that we had tested our systems at a real-world level.”

Since the engagement, the customer has acted on many of Bishop Fox’s recommendations – including tighter secrets management processes, improved logging, and increased investment in detection tooling. In direct response to the application findings, the customer also began reviewing its access control models to eliminate inconsistencies and ensure permissions were properly enforced.

However, Bishop Fox’s value went beyond technical testing in the customer’s mind. The experience, communication, and professionalism of the team stood out at every stage.

“It was obvious Bishop Fox had done this 100 times before," explains the senior director of cybersecurity. "They were fast, organized, and respectful of our time, and when we had questions, they had real answers. That’s rare.”

The relationship also extended beyond the formal engagement. When the company faced bandwidth challenges for a Kubernetes review, Bishop Fox made trusted partner referrals to ensure the customer stayed on track. That consultative support, even when not directly tied to revenue, solidified a trusted partnership.

The company now plans to integrate red teaming into its annual security program, evolving future tests to include stealthier operations and focus on emerging technologies like Kubernetes.

"This work didn’t just strengthen our defenses; it shaped how we’re budgeting and investing in security going forward." – Senior Director of Cybersecurity

Conclusion

For a fast-moving, SaaS company operating at the intersection of real-time data and public risk, security can’t be reactive. With Bishop Fox’s help, the customer validated its defenses, improved its readiness, and gained the confidence to face the next generation of threats head-on.

“Bishop Fox proved they could handle companies on the bleeding edge," says the senior director of cybersecurity. "Many firms wouldn’t have added value in an environment like ours – but they did.”