Situation
A major global transportation operator needed to assess the cyber resilience of its entire fleet. Each vessel operated its own Active Directory environment, network architecture, and bespoke security controls. While the organization already had autonomous tools deployed, it struggled to use them consistently across such a diverse estate.
The CISO’s major concern was compromise of a vessel at sea, which could put the passengers, cargo, and the ship itself at risk.
At a glance
Organization: Global transportation operator
Industry/Sector: Maritime transportation & logistics
Challenge: Scale penetration testing across numerous isolated networks
Solution: A hybrid approach combining Horizon3.ai’s NodeZero automation with expert-led network penetration testing
Results: Faster delivery, broader coverage, and validated, actionable findings
Challenges
Traditional manual penetration testing could not scale to the size and complexity of the client’s environment. Each network required baseline coverage of common attack paths, as well as specialist testing for unique configurations and operational constraints. Relying solely on vulnerability scanning risked producing large volumes of unvalidated findings with limited real-world value.
NCC Group was selected for its offensive security expertise and its ability to combine autonomous testing at scale with expert‑led penetration testing, enabling consistent baseline coverage across the fleet without sacrificing depth or accuracy.
Solution
Following a consultation with the client, NCC Group designed a hybrid penetration testing program that combined Horizon3.ai’s AI-driven penetration testing tool NodeZero with expert‑led manual testing. NodeZero was used to establish a consistent baseline across each network, rapidly identifying exploitable paths and credential weaknesses.
Where environments included bespoke systems or operational constraints, consultants focused manual effort on deeper exploitation, configuration weaknesses, and edge cases that automation alone could not reliably assess. Insights and credentials gained through manual testing were fed back into NodeZero to extend attack paths and preserve the breadth of coverage.
This approach enabled comprehensive testing of the entire fleet within a compressed timeframe, without compromising on scope or quality.
Benefits
NCC Group’s testing produced a comprehensive security map for each vessel in the client’s fleet. Using these maps, the client effectively targeted and prioritized key vulnerabilities that posed the greatest risk to their estate.
This testing program also provided a repeatable model for testing the fleet that the client could now replicate when additional testing was required. NCC Group designed specific test cases and approaches for each ship that would allow future tests to proceed uninhibited.
Additionally, the program exceeded budget expectations and built confidence in the fleet’s security for the CISO’s organization and senior stakeholders.
This approach reduced uncertainty across the fleet and gave leadership confidence in real-world attack exposure.
Key takeaways
- Large, distributed estates require a different approach to penetration testing.
- Automation delivers scale, but expert insight delivers impact.
- Hybrid testing bridges the gap between vulnerability scanning and true adversarial testing.
Our partner network
NCC Group is a people-powered, tech-enabled global cyber security and resilience company with over 2000 colleagues around the world.
For over 25 years, we’ve been trusted by the world’s leading companies and Governments to manage and deliver cyber resilience. We're proud to deliver important and groundbreaking projects for our clients.
As technology and cyber threats continue to evolve, we remain relentlessly committed to our mission: working together to create a more secure digital future.