Skip to content

Customer Case Study:
Continuous Automated Red Teaming (CART)

Customer Profile

Customer is a Multinational corporation that provides business consulting, IT, outsourcing services and next-generation software services. It is one of the largest public companies in India.

  • Industry: Consulting, IT/ITes
  • Employees: 150,000+
  • Products: FireCompass RECON, FireCompass ATTACK

Business Challenge

Challenge 1: Manual Red Teaming exercise was time taking


Challenge 2: Shadow IT Assets Unknown To Security Team

Engineering/marketing team created multiple online applications/systems as per their need without informing the security team. Past employees did not document all systems they took online.


Attack Surface Discovery:

  • Domains/Subdomains/IPs/Applications Enumeration
  • Preprod, UAT Systems, Online DBs Identification and Reporting

Attack Surface Monitoring

  • Vulnerabilities (Through Passive Scanning) Monitoring
  • Malicious Infrastructure Monitoring
  • Open S3 Buckets Identification and Monitoring
  • Code Leaks Identification and Monitoring
  • Phishing Domains Monitoring

Red Teaming


Substantial Reduction in Attack Surface

FireCompass support to bring down systems which were not required to be online resulting in substantial reduction of the attack surface

Continuously Updated Asset Inventory 

FireCompass internet wide continuous monitoring tool has helped the customer to have an up to date inventory of their digital internet facing assets which were missing earlier.

Discovery and Mitigation of Unknown Shadow IT Risks 

FireCompass helped the customer to track the exposed digital assets including:

  • 50+ preprod, staging and testing systems
  • 100+ unused domains/subdomains, some of which were susceptible to hijack/takeover
  • Exposed documents & files
  • Compromised / malicious infrastructure
  • Exposed backend APIs


Identification of open online codes & sensitive information

  • Identified leaked data/database including open S3 buckets & online vulnerable systems
  • Identified code & sensitive information that were open to public access that includes public github repositories


FireCompass RECON identified publicly available sensitive information and codes which helped customer to bring it down.

Near Real-time Monitoring of Digital Risks 

FireCompass helped them to monitor their attack surface on a daily basis, reducing chances of missing out new risks, and notified about some of the critical risks in pre prod applications, online systems with vulnerabilities, leaked credentials, risk in their subsidiaries ..etc

"To our surprise, the tool has exceeded our expectations in identifying numerous domains and subdomains that are shown as public, but should be private ..."

Get A Hacker's View Of Your Attack Surface

Get a free report of your organization’s attack surface from a hacker’s viewpoint (Unsanctioned Cloud Assets, Digital Footprint, Phishing Risks, Misconfigured Infrastructure & more.) * Limited number of assesments

About FireCompass

FireCompass is a SaaS platform for Continuous Automated Red Teaming (CART) and Attack Surface Management (ASM). FireCompass continuously indexes and monitors the deep, dark and surface webs using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s digital attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify breach and attack paths that are otherwise missed out by conventional tools.

Request Demo