Kinepolis Improves IT Security through a Global Network of Ethical Hackers

The leading international cinema company connects with security researchers from all over the world on Intigriti’s ethical hacking platform. Why? To protect customer data and improve the security of their systems. Kinepolis had great partnerships in place for traditional security testing procedures but they decided to take it one step further.

“Having access to Intigriti’s global network of researchers was the missing piece of the security puzzle that we needed.”

– Bjorn Van Reet, CIO, Kinepolis Group

Their story

About Kinepolis

Kinepolis is a leading international cinema company that connects with security researchers from all over the world on Intigriti’s ethical hacking platform. Why? To protect customer data and improve the security of their systems. 

Public company, listed on the stock exchange in 1998Operates 111 cinemas in Europe and North America, with more than 1,000 screens and almost 200,000 seatsEmploys 4,600 people

The challenge

Increase the overall IT security across websites and systems

Kinepolis’ main interaction point with its customers is its web platform. Keeping its systems secure is of utmost importance, and so the cinema company was already working with a penetration testing partner to help with their IT security challenges.

Penetration testing is often performed before a software release or major update. It involves a designated security expert examining code and checking for vulnerabilities within a pre-decided timeframe, following a set methodology. However, companies can’t assume they’ll be of the same security standard that the penetration test certificate states after their next software release or update. This is where bug bounty programs work well as a follow-up.   

“A penetration test is a snapshot of a certain moment. IT security is one of the fastest moving parts in the whole industry, we wanted to increase the overall security for the systems and the people.”

– Bjorn Van Reet, CIO, Kinepolis Group

The solution

Being challenged in unexpected areas

Kinepolis decided to run a bug bounty program on the Intigriti platform. They invited crowdsourced security researchers to look for vulnerabilities in their systems in a safe and controlled way. The decision to work with ethical hackers was not taken lightly. 

“The biggest challenge of starting with Intigriti was fear of the unknown. Allowing people to test our systems 24/7, especially directly in production, felt a little like jumping out of a plane!” 

“I quickly realised that it is happening anyway. Once you publish your website, it is out there in the world. It’s accessible — not only to people with good intentions but also to malicious hackers. I quickly understood that it is better to accept reality and try to secure everything as much as possible.”  

The Intigriti platform is the central hub of communication between external researchers and Kinepolis. When a researcher finds a vulnerability, they submit their findings to the platform so that Intigriti’s triage department can check if the vulnerability is real and properly documented.  

The benefit is clear to Van Reet: “Intigriti’s triage process makes sure that only genuine issues are submitted to our IT security team, who can immediately work on a solution.” 

The Result

Keeping the systems safe in a joint effort

Intigriti’s security researchers and Kinepolis shared a common goal: To keep their systems safe for end-users. As a result of using Intigriti’s bug bounty platform, Kinepolis’ internal IT security teams felt they had sufficient support to perform high-quality security testing. 

Do you want to know more?

Our team is ready to answer all your questions about IT security testing, the Intigriti platform, pricing or anything else. Request a demo with us today and we’ll get in touch!