Assess Your Company's Digital Security Before Attackers Do
If your business were hacked tomorrow, do you know what would happen? Protecting your valuable assets and customer data is paramount in today's digital landscape. Alongside robust security controls, regular network penetration tests play a critical role, and these tests are precisely what cybersecurity insurers will look for when assessing your policy.
What Is Network Penetration Testing?
Network penetration testing is a security test where experts try to hack into an organization's computer network to find vulnerabilities and weaknesses. It's like a "mock" hack to see if a hacker could get in and cause damage. The goal is to identify any problems and fix them before a real hacker can take advantage. It's basically a way to check the security of an organization's network.
Assessment Capabilities
The internal and external testing phases are similar in many ways, with the exception of leveraging Open-Source Intelligence (OSINT). These assessments take a comprehensive approach to identifying security vulnerabilities which expose systems and services to potential threats. To accomplish this goal, we will leverage a number of resources and techniques to identify, enumerate, and exploit the targeted systems. The following components are included in this phase:
User Profiling
By leveraging publicly available resources, such as social media and other sites, the platform attempts to gather as much information as possible about the targeted organization, including its employees. Using such information, the platform will create a custom list of potential usernames and email addresses that may be useful for other attacks, such as password attacks.
Reputational Threats
The platform attempts to identify potential areas that could be used to harm your organization's reputation. Such information could include misspelled domain names (registered by an attacker), inflammatory domain names, etc.
Intelligence Gathering
Information about the target environment(s) will be gathered to help map out potential target IP ranges, environments that may contain sensitive information, as well as other information that may be valuable to an attacker. Publicly available resources searched during this phase include current and historic DNS records, search engines, forums, Pastebin, GitHub, and your website.
Vulnerability Analysis
Vulnerabilities are identified through both manual testing and automated testing and scanning. As vulnerabilities are identified within the targeted environment, the platform will validate the existence of each vulnerability by attempting to leverage multiple validation techniques (e.g., Nmap, Metasploit, etc.). Once validated, the platform will gather proof of validation for reporting purposes. During this phase, the platform also marks false positives as such, so that the organization is presented with only relevant and validated security vulnerabilities.
Exploitation
Based on the security vulnerabilities identified in the Vulnerability Analysis phase, the platform will cautiously attempt to perform exploitation of security vulnerabilities. Depending on the type of security vulnerability exploited, this process may result in the platform gaining limited, or full, access to the exploited target.
Post-Exploitation
To demonstrate the full impact that a malicious attacker could potentially have within the organization, the platform will attempt to perform post-exploitation within the environment. One of the activities involved in this process is privilege escalation, which is the attempt to escalate access within the environment to privileges that would allow for further access within the environment.
Using a device connected to your internal environment, our security consultants will discover security vulnerabilities present within the internal network environment. These activities will simulate those of a malicious attacker.
Assuming the role of a malicious attacker from the public internet, our security consultants will identify security flaws within your external network environment. These flaws can include patching, configuration, and authentication issues.
Our Penetration Testing Process
Prep and Install Device Onsite
First, we will come onsite and install a dedicated device on your internal network that will handle these ongoing penetration tests.
Configure and Schedule Monthly Pentests
Next, we will build out the applicable tests and schedule them accordingly.
Review Pentest Results
After the tests have been performed, we will review the results and begin building the necessary remediation plans.
Present Report Findings
After we review, we will present our findings and show you what remediation steps will be required to close the security gaps found.
Repeat
Our pentest commitment cycle is 12 months long. This gives us enough time to show progress month over month and to ensure that security issues find their permanent resolution.