OT security, or Operational Technology security, focuses on safeguarding industrial control systems (ICS) and the technologies that manage critical infrastructure in industries like manufacturing, energy, and transportation. It ensures the safety, reliability, and availability of industrial operations by protecting specialized devices, networks, and processes that control physical systems. Key components of OT security include Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, Programmable Logic Controllers (PLCs), and Human-Machine Interfaces (HMIs). As cyberattacks on critical infrastructure increase, implementing robust OT security measures has become essential for protecting these vital systems.
Before we travel to the facility, we will prepare for the on-site visit by reviewing documentation and the network architecture and by holding discussions with your team. The goal is to familiarize ourselves with your product and develop a plan of action in advance. This preparation ensures we can make the most of our time on site.
After gathering information, the next step involves planning and setting penetration testing objectives, agreed upon by both the tester and client. The pentester must fully understand the OT system, including its mission-critical components, functionalities, and end users. Key tasks include reviewing system documentation, researching products and vendors, and identifying known vulnerabilities and default credentials.
We will conduct a cybersecurity assessment and penetration test at your facility. Our assessment will identify all communication points in the OT system—such as Ethernet, Fiber, WiFi, USB, Serial Port, and HDMI—along with associated vulnerabilities and their exploitation. We will promptly inform you of any critical findings. For a thorough evaluation, we recommend executing each exploit individually during the security testing of OT networks or devices. This method helps identify the root causes of any unexpected failures. If an issue arises, we will immediately halt testing and notify you. We will aim to exploit all components within the OT network, including network infrastructure, host operating systems, PLCs, HMIs, and workstations, following standard practices in traditional network penetration testing.
The reporting phase is where pentest findings transform into action. Every vulnerability identified by Kratikal's security experts is documented, prioritized, and ranked within AutoSecT, giving stakeholders not just data, but a clear, evidence-backed, decision-ready roadmap. Findings are presented with full context, severity scoring, exploitability, and asset-level detail, so teams can interpret results instantly and align on what matters most. At Kratikal, reporting is treated as the most critical stage of the engagement; expert-led findings are delivered through AutoSecT, which also serves as a vulnerability management platform provided as a value-added service, so you know exactly where you stand and exactly what to do next.
AutoSecT's AI-based patch recommendations make your remediation process faster. For every vulnerability, the platform generates intelligent, context-aware remediation by analyzing the nature of the flaw, its potential business impact, and threat level. Rather than leaving developers to sift through generic advisories, AutoSecT cuts through the noise. Its AI engine prioritizes vulnerabilities by real-world risk, helping teams resolve issues faster and far more efficiently than manual triage allows.
The purpose of this assessment was to re-test all findings from the first round of penetration testing. During this re-testing, we provide updates on whether vulnerabilities are fixed, not fixed, or out of scope. The aim of this re-testing is to ensure that no vulnerabilities remain after the patching process, preventing attackers from exploiting any flaws in the application that could compromise your organization's security. The results from this round of re-testing will help the organization improve the security features of the medical devices. Significant findings from the assessment were communicated to management during or after the assessment, depending on the nature and risk level of each finding.
Implementation of Robust Access Control
Controlling OT system access is crucial for security. Implement strong authentication like MFA to ensure only authorized personnel access critical systems. Use role-based access to limit permissions and apply network segmentation to isolate critical systems and prevent lateral movement by attackers.
Continuous Monitoring
Continuous monitoring is crucial for OT security, utilizing Intrusion Detection Systems (IDS) to detect suspicious activities and trigger real-time alerts. Anomaly detection algorithms identify deviations from normal system behavior, indicating potential breaches. Security Information and Event Management (SIEM) systems aggregate data from multiple sources, offering a comprehensive view of the security landscape.
Routine Testing and Upgrades
Security is constantly evolving, making regular testing and updates crucial. Conduct penetration testing to identify vulnerabilities in OT systems, while staying proactive with patch management to address weaknesses before attackers exploit them. Additionally, having a well-prepared incident response plan ensures a timely and effective response to minimize damage in the event of a security breach.
Many OT environments rely on outdated equipment and operating systems, presenting considerable security challenges. These legacy components frequently lack modern security features and updates, rendering them vulnerable to cyberattacks.
OT security is crucial for safeguarding organizations with industrial processes and critical infrastructure against cyber threats and malicious activities. It ensures the safety and efficiency of these processes while fostering sustainability throughout the organization.