Yealink, a global leader in unified communication and collaboration solutions, is dedicated to enhancing its overall security posture through ongoing comprehensive penetration testing conducted by NetSPI, the leader and innovator in cyber security testing industry. The latest flagship collaboration display, the MeetingBoard, has successfully undergone a rigorous penetration testing conducted by NetSPI. Looking ahead, Yealink plans to extend this commitment by subjecting multiple key products across various product lines to regular penetration testing throughout the upcoming year.

Why Penetration Test?

Penetration testing, also known as pen testing, is a security assessment process that simulates real-world attacks on computer systems, networks, applications. Its objective is to identify vulnerabilities and weaknesses before malicious attackers can exploit them. In the fast-paced world of unified communication, where the data flows and threats evolve, pen testing plays a critical role in safeguarding sensitive data, ensuring uninterrupted service availability, and staying ahead of evolving security challenges. To provide customers with the highest level of security and peace of mind, Yealink has actively engaged with third-party penetration testers to conduct the most challenging and comprehensive security assessments on its offerings.

NetSPI: Expert Third-Party Perspective

NetSPI has emerged as a prominent figure in the cybersecurity industry, recognized for its solid reputation, extensive experience, and state-of-the-art technology. Their team of skilled and experienced security consultants stays updated with the latest cybersecurity trends and best practices. With over 250,000 hours of security testing conducted annually, NetSPI is trusted by more than a thousand organizations worldwide, including 4/5 the largest global cloud providers, 9/10 top U.S. banks, and 3/5 FAANG tech companies. This proven track record has positioned them as Yealink's long-term external penetration testing partner.

An Ongoing Pursuit of Robust Product Security

A recent example of Yealink's commitment to security is the rigorous penetration testing conducted by NetSPI on the MeetingBoard. The Embedded Device Penetration Test aimed to identify security issues that could potentially compromise the confidentiality, integrity, or availability of the application, device, and associated data. Following a phased assessment approach, NetSPI utilized a combination of automated tools, custom scripts, and manual techniques to scan for, identify, and exploit vulnerabilities.

"The results were extremely encouraging, with NetSPI's expertise enabling us to identify and remediate all possible vulnerabilities," shared Alvin Liao, the VP, Head of Product of Yealink. "This collaboration underscores our ability to promptly and effectively prevent, detect, and respond to threats."

Building on the success of the MeetingBoard penetration test, Yealink has initiated an annual security project with NetSPI. This extensive endeavor encompasses web application penetration testing and embedded penetration testing on multiple pivotal products. The scope includes evaluating the Yealink Management Cloud Service platform, phones, and room systems on Android and Windows.

This security project with NetSPI is part of Yealink’s dedication to delivering reliable, secure, and trusted communication and collaboration solutions to its valued customers. To consistently meet the highest standards of security in different countries, regions and industries, Yealink has also completed SOC2 Type2 audit, acquired ISO 27001 and DGPR security certification. Its certified products also meet the hardware security criteria set by Top UCaaS providers Microsoft Teams and Zoom and chosen by top global brands, including telecom giant partners and Fortune 500 companies.