The Problem
Security people hate surprises. The last thing you want to learn is that your security defences aren't very good and a reasonably talented bad guy has taken down an application or stolen sensitive data. So how do you eliminate these surprises?
You need to test your environments pretty much like a hacker does – you need to get it done independently and you need to do it regularly.
Hackers or Attackers, which is truly a more accurate term, are testing your defences daily!!
Don’t believe us??? Then let us show you your firewall logs to prove our point.
Remember - bad guys don't follow a code of ethics. They use any means possible to break into computer networks. We use those same techniques to determine whether hackers will be successful on your network.
There are multiple layers to performing successful penetration testing services.
What we deliver
The CIS Security Audit begins by gathering and identifying critical information on the current system used by your business. A series of comprehensive penetration tests are performed, by using a zero footprint audit process which guarantees your current settings remain intact.
Our specialist technicians analyse and assess the results providing you with a detailed report outlining vulnerabilities and weaknesses in order to manage the IT security integrity for your business.
Internet security is continually changing; our services can assist by:
* identifying vulnerabilities and providing transparency
* maintaining & monitoring
* reporting to management
Our support services are communicated in clear and effective language, with minimal technical jargon.
We work closely with our clients throughout the process as an end-to-end solution, so you will be fully informed therefore ensuring the best outcome for your business
How do we do it??
Here are four distinct pen testing service offerings we provide to our customers to ensure they have full coverage.
1. Vulnerability scanning:
The network is the lifeblood of a business. It is what keeps the information flowing and ensures employees can do their jobs. So making sure it is secure is a very important task, and one that should be scheduled regularly. One of the key elements of that is testing the network for vulnerabilities, whether they are open ports, unpatched software or something else. A full network scan is also a good way to ensure a business creates an inventory everything connected to it, as all devices connected to the network can and do provide security weak points. Scanning is one of the requirements under nearly every regulation, so this is an easy step along the path to your security assurance.
2. Infrastructure pen testing:
This offering uses live ammunition, so all parties work together to ensure the minimum amount of disruption. All externally visible IP addresses are tested because that's what the bad guys out there can see and are likely trying to penetrate.
3. Application pen testing:
Increasingly attacks are targeting applications directly. Once the initial application is compromised, attackers go directly after the database, where the valuable information resides. If they can get into the database, then you are owned by the attackers!!
4. User testing:
This type of testing can involve: emailing fake messages to internal personnel and determining the level of click through; gaining access to secure office and work areas by posing as legitimate personnel; finding ways into the facility (past security or the receptionist) or, even dropping thumb drives in the parking lot to see who will plug them into their machines. Remember, malicious hackers don't have a set of rules. They use social engineering because it works. Don't let social engineering surprise you.