Delivering Security Services on your behalf and that includes Penetration Testing
Keeping your data secure is vital to your company’s success. You don’t want external sources breaching your firewall and getting at private or proprietary data. And if your company does business with the government, compromised information can mean pricey and time-consuming legal trouble.
This is why you need to undertake periodical external penetration tests. They allow you to discover if you are vulnerable, how you are vulnerable, and what steps you can take to patch the vulnerability.
Not only will it help keep your company’s information secure – it’s also an important part of demonstrating that you respect the privacy of your customers, clients and vendors.
External & Internal Penetration
What is an external penetration test?
An external penetration test allows expert analysts to attempt to compromise your system. It is not a random attack. It is preplanned and coordinated at a specific time to allow you to monitor what happens.
On a practical level, an external penetration test simulates the activities of a hacker – but in a controlled and safe environment. They may attempt to send an email with a virus or malware. They may attempt a brute force attack. Overall, they will make every attempt possible to engage with your system and extract the data they want.
In most cases, at least some level of vulnerability is discovered that needs to be fixed. Once the fix is put in place, another test is performed to see if the solution is effective.
External penetration tests can be a one-time analysis, but they should be done periodically throughout the year. Hackers come up with new ways to breach data all the time – and it’s up to you to ensure your company’s security can stop them.
We can provide your organization with a detailed view of your existing infrastructure and security gaps that may result in a business impacting penetration. We live by and for the best security monitoring practices.
Internal Penetration Tests
An internal penetration test is a scheduled activity – either known to everyone in your organization, or just C-Suite members. Because you know it’s happening, you can monitor it and see what happens in real time.
In such a test, analysts posing as staff members and try to gain access to data that they are not authorized to see. If they succeed, they then map out the vulnerability and recommend fixes for the problem.
The vast number of internal penetration tests do identify major vulnerabilities. Once your improvements have been implemented into the system, these analysts will try to attack again and ensure that the new methods are effective.
What does an internal penetration test tell me?
All of these behaviors and more are examined during the course of an internal penetration test.
- Does one of your workers leave their computer on when they go to lunch?
Is a password written down in a place where anybody could find it?
Do some people have more access than they require, to do their jobs?
Are people sharing passwords?
Can your system be hacked from the inside?