Penetration Testing –
Do you have a good information security policy? How hard would it be for an adversary to compromise your security and steal data from your network? When is the last time you’ve had a penetration test or vulnerability assessment performed? Not sure on any of these answers? Go ahead and have a penetration test performed so that you might know these answers. It is no longer acceptable to wait until something happens to take a look
The responsible thing is to assess your security now, no matter how bad you might think it is, so that you can be quickly on the path to any required remediation and elimination of vulnerabilities. We provide several different kinds of penetration testing. This includes Traditional Network Penetration Tests, Web Application Penetration Testing, both cloud based and traditional apps. We will also perform comprehensive social engineering and phishing tests, including physical attacks, malicious device planting (thumb drives etc) and many other techniques. Our scope includes White Box, Grey Box, and Black Box penetration tests. By effectively becoming the enemy, we take on the role of malicious hackers and methodically try to break your security. Most of our penetration testers are seasoned offensive security professionals who mostly come from the world of offensive operations in various intelligence communities.
Web Application Testing –
We perform web app penetration tests against your web apps. We have extensive experience with testing applications hosted in Amazon AWS and Microsoft Azure.
Network/Traditional Penetration Testing –
We perform network based penetration testing either in a Black Box or Gray Box format. Black Box or zero knowledge tests are the tests we perform when act as an outside malicious attacker, operating only with knowledge gained from the exercise. Gray box is when we come inside and act as a malicious internal user or a external user who’s just gained internal access. The primary point of Gray Box testing is to ascertain the security posture internally.
Phishing and Social Engineering –
Phishing tests are tests we do to test your employees resiliency to phishing attacks. Since this is still the number one way organizations are initially breached, it’s also one of our most popular tests. We will send out phishing emails and provide detailed reporting on which employees opened the email, which ones clicked on the links etc.
Incident Response and Forensics –
If you’ve just be compromised or you think you may have, minutes count. We provide you with a very quick and responsive service that allows you have a KM analyst and incident response professional in communication with your team very quickly. Those who opt for the retainer service will enjoy and 1 hour response time, 24 hour onsite time service level agreement.
Incident Response Testing Services –
This is our fastest growing service. We bring in a few devices that we manage then use these devices to move horizontally inside your network. We search for, find and ex filtrate predefined data (agreed upon by you the customer), then we see if your team even detects the breach and if so, measure how they respond.