How Netragard is revolutionising penetration testing


In the mid-2000s, after realising that no technologies available on the market at the time replicated the cyber-attack techniques used by real-world threat actors, the seed for the creation of Netragard was planted in the mind of Adriel Desautels and the company’s founding team.

Desautels’ journey to founding Netragard began in his earlier years, when his path to becoming a hacker started. “My journey as a hacker began at the age of 6 or 7, when my father bought a computer and told me not to touch it. Of course, this only fuelled my curiosity. I started playing Lode Runner – the 1983 game where the player collects gold without getting caught. The game inspired me to start learning how to code.”

From here, Desautels said this curiosity became the driving force behind his desire to understand how things worked and how they can often be used for purposes other than the one initially intended. “That outside-the-box, problem-solving mindset is the foundation of how we, at Netragard, think like hackers and use that knowledge to leverage an organization’s cybersecurity. As our slogan says, ‘We protect you from people like us’.”

The inspiration

“In 2006, most penetration testing firms concentrated on fulfilling regulatory obligations that necessitated penetration testing,” said Desautels. However, in reality, many of these companies were satisfied by automated vulnerability and manual vetting – but this wasn’t enough for the Netragard Founder.

He explained, “Meanwhile, actual threat actors employed a combination of skill, creativity, intelligence, and manual methods to identify and exploit the vulnerabilities in their victims’ infrastructures at an increasing rate. Therefore, organisations became frustrated because they would ‘pass’ a penetration test only to be breached shortly thereafter.”

After a number of years performing vulnerability research and helping software vendors identify and fix security issues in their products, Desautels was approached to help find a vendor that could perform a realistic attack simulation. “I quickly noticed there was nothing available that could genuinely replicate what the bad guys do,” said Desautels.

To deal with the gaping market need, Netragard was born. Through its creation, the company would seek to provide high-quality, manual research-driven penetration testing services that replicate techniques used by real-world threat actors. According to Desautels, this method of testing is the most effective way to identify vulnerabilities in an organisation’s infrastructure and provide effective recommendations to reduce the likelihood of suffering a damaging data breach.

Netragard provides offensive security services tailored to help organisations identify known and novel vulnerabilities in their infrastructure, software, hardware, and proprietary technologies. The company seeks to accurately replicate the techniques, tactics and procedures used by real-world threat actors.

The firm’s services include a wide range of penetration testing services, covering internal and external infrastructures, web applications, mobile software, and proprietary technology. In addition, the company offers social engineering services including phishing, vishing, smishing and pretexting.

Desautels commented, “Our advanced services involve physically breaching a customer’s facility or building custom offensive technology. We specialise in testing at levels of threat that match or exceed those that our customers are likely to face in a real-world scenario, enabling them to take a truly effective pre-emptive approach to security.

“Our wide range of customized services helps organisations identify their vulnerabilities before they can be exploited by attackers. As a result, Netragard helps companies go beyond simply meeting regulatory compliance requirements. We help them reduce the risk of data breaches, data loss and other security incidents, which improves the organization’s overall security posture.”

Netragard’s USP

As for what sets Netragard apart from its competitors, Desautels underlined that his company is one of the most well-established penetration testing firms in the industry. “We understand that cybersecurity should be a business enabler, by preventing damaging security incidents – not an inhibitor, by adding additional burdens on employees.”

He highlighted how the company’s real-time dynamic testing methodology is at the heart of its penetration testing services and is derived from over a decade of experience in performing zero-day vulnerability research and exploit development. The firm’s research-based methodology facilitates the discovery of known and novel vulnerabilities in infrastructures, software, hardware and even tech that may be missed using traditional methods.

“Our services are highly customizable and flexible,” said Desautels. “We meet our customers’ specific needs and goals by using purpose-built tools and innovative techniques to identify and exploit vulnerabilities in a realistic, real-world scenario.

“We also strive to build long-term relationships with our customers and gain a deeper understanding of their challenges to help them achieve their goals. Netragard helps companies strike the balance between operating and keeping the bad guys away while still operating their business efficiently. We go beyond our highly technical expertise to truly understand the needs of each business that is running behind those applications and computer systems.”

Helping clients

When it comes to being a successful company – particularly in the CyberTech market – the obvious key metric is how beneficial a business’ technology is at avoiding threats and ensuring cyberstability for its clients.

Desautels quipped, “By combining penetration testing & red teaming approaches, Netragard provides customers with the most comprehensive security testing possible. We help them test the effectiveness of their security controls and incident response procedures as well as identify and remediate vulnerabilities. After working with us, our clients are better able to detect and respond to incidents to prevent them from becoming damaging compromises.”

The Netragard Founder added that initially, companies reach out to them to fortify their cybersecurity posture, to satisfy third-party testing requirements, or both.

“Businesses stay with Netragard because of service quality and customer care. We offer a wide range of offensive security services that are tailored to the specific needs of their businesses and we have a global team that consists of experts who are highly skilled in information security and customer service,” he continued.

The need to invest

When it comes to avoiding the very real threats that can be posed by hackers and threat actors in the cyber world, a key way to do this is by penetration testing. Understanding where the potential pitfalls lie offers companies the opportunity to get ahead of the game. Do firms need to invest in this more?

“Penetration testing helps companies proactively identify and fix security issues before they are exploited,” stressed Desautels. “The return on investment of good security is equivalent to the cost in damages of a single successful compromise. As those costly data breaches continue to make international headlines, organizations realize that it is no longer a matter of if they will be breached, but when.”

Netragard’s customised approach, Desautels underlined, provides organisations with the tools to improve their established security solutions and better train employees to react to a real-life breach. “We want to make it so hard to hack your company that the bad guys will no longer waste their time, money or effort to pursue a cyberattack against your valuable assets and will move onto other targets,” he stated.

Real-world threats

The knowledge that data breaches and cyberattacks are not a potential but a real and common threat means that, for many companies, the need to invest is now and the need to understand the threats has never been more important.

What are the greatest current real-world threats to financial companies? Desautels cited recent research by Verizon which found that the financial sector experienced 690 data breaches in 2022, surpassing all other industries.

In the opinion of Desautels, there are key significant threats to financial firms, with the first one being ransomware attacks. “Ransomware attacks can be particularly devastating for financial firms, which often have large amounts of sensitive data at risk.”

Insider threats are also a big challenge. Over the past couple of years, many ransomware groups have started to adapt their business model by recruiting ‘affiliates’ that will provide them with initial access to a company’s network.

The third threat is advanced persistent threats. Desautels explained, “APTs are sophisticated cyberattacks that involve targeted and persistent efforts to infiltrate a specific organization’s systems and networks. APTs often use supply chain attacks as a tactic to infiltrate a targeted organization. This can be a particularly effective attack vector because it can be extremely difficult (if not impossible) for organizations to prevent these attacks.”

The future of cybersecurity

As the digital world evolves, so do the potential threats that users can face in it. With new technologies providing new opportunities for threat actors to cause havoc online, where is the future of cybersecurity headed?

“Cybersecurity will become so pivotal over the next decade that it will become something taught in grade school,” exclaimed Desautels. “Governments, cities, and companies will be challenged by an increasing sophistication of cyber threats, the growing use of AI and ML and the expanding attack surface created by the IoT.”

“Things like quantum computing will pose new security challenges because traditional encryption methods will likely be ineffective against quantum-enabled attacks. Netragard will evolve with those threats by continuing to invest in our people, research and development capabilities and expertise in emerging technologies. Staying ahead of the real-world threat is what helps us to protect our customers from people like us.”