Kinepolis Improves IT Security through a Global Network of Ethical Hackers

Yannick Merckx
kinepolis logo
Bjorn Van Reet

The leading international cinema company connects with security researchers from all over the world on intigriti’s ethical hacking platform. Why? To protect customer data and improve the security of their systems. Kinepolis had great partnerships in place for traditional security testing procedures. But they decided to take it one step further.

Having access to intigriti’s global network of researchers was the missing piece of the security puzzle that we needed."
— Bjorn Van Reet, CIO, Kinepolis Group

About Kinepolis

Kinepolis is a leading company in the cinema exhibition industry. They offer the ultimate movie experience by investing in comfortable seating, big screens, good content and innovative cinema technology.

Their Challenge: Increase the Overall IT Security Across Websites and Systems

Kinepolis’ main interaction point with their customers is their web platform. Keeping those systems secure and up and running at every moment is of utmost importance.

The cinema company already worked with good partners to help with their IT security challenges, providing penetration testing for example.

Penetration testing, or pentesting for short, is done before a software release or major update. A designated security expert examines the code and checks for vulnerabilities.

A penetration test is a snapshot of a certain moment. IT security is one of the fastest moving parts in the whole industry, we wanted to increase the overall security for the systems and the people."
— Bjorn Van Reet, CIO, Kinepolis Group

Their Solution: Being Challenged in Unexpected Areas

Kinepolis decided to run a bug bounty program on the intigriti platform. They invited crowdsourced security researchers to look for vulnerabilities in their systems in a safe and controlled way.

The decision to work with such ‘ethical hackers’ was not taken lightly.

“The biggest challenge of starting with intigriti was fear of the unknown. It feels a little like jumping out of a plane. Allowing people to test our systems 24/7, especially directly in production! I quickly realised that it is happening anyway. Once you publish your website, it’s out there in the big world. It’s connected and it’s accessible… also for people with bad intentions. Better accept reality and try to secure everything as much as possible.”

The intigriti platform is the central hub of communication between external researchers and Kinepolis. When a vulnerability is found, the researcher submits his findings to the platform first. There, intigriti’s own security experts check if the vulnerability is real and properly documented. The benefit is clear to Van Reet: “Intigriti’s triage process makes sure that only real issues are submitted to our IT security team, who can immediately work on a solution.”

Their success: Keeping the Systems Safe in a Joint Effort

Collaborating on the intigriti platform, Kinepolis’ internal IT security teams feel backed up by the crowdsourced researchers, who insert an inspiring element of creativity to IT security testing. All share a common goal: keeping the systems safe.

Do you want to save this case study for later reference?

Download this customer story as pdf. Download PDF

Other customer stories to have a look at