Penetration Testing
Is your confidential information safe from hackers?
Do you need to know the real level of security provided by your network, people, and operational processes?
Do you need to prove the level of your security to auditors, business partners, or your clients?
Penetration testing, or ethical hacking, is our most thorough test of your network’s security.
Penetration testing is a controlled attempt to compromise your network and its data. To simulate a real attack by a skilled hacker, DigitalDefence testers use a strict methodology employing the latest attack techniques and the results of in-house vulnerability research to identify exploitable vulnerabilities before they can be used by an attacker.
During the test, you have full visibility into the actions of the attacker, as well as your network's defensive mechanisms. Did your firewall stop the attack? Did your intrusion detection system identify an attack in progress? Most importantly, did your IT and security staff respond appropriately to the intrusion? Penetration testing will not only identify vulnerabilities; it also ensures a significant transfer of knowledge to your technical staff and raises the general awareness of security across the entire organization.
Once the application or network is compromised, and DigitalDefence demonstrates that an exploitable vulnerability exists, we provide a comprehensive report that details (1) the vulnerabilities identified and proof of exploitation, and (2) a step-by-step process to remediate the weakness.
What Do We Test?
DigitalDefence can test all technical, operational, and process controls that secure your data environment, including:
- External network – firewalls, intrusion detection and prevention systems, network devices, and servers
- Internal network – servers, workstations, mobile devices
- Remote access technology – virtual private networks, two-factor authentication, encrypted communications channels
- Wireless networks – wide area networks, WLANs, internal WiFi networks, RFID, Bluetooth, proprietary industrial wireless devices, PoS terminals
- Telecommunications networks – Voice over IP (VoIP), commercial and open-source PBX, IVR systems
- Emergent technologies – industrial SCADA systems, virtual machines, cloud computing
Benefits
- Provide proof of real threats to your data’s security – provides compelling evidence for management action!
- Prevent financial loss – A security breach for even a small company can incur significant costs, including recovery costs, lost revenue, reduced employee productivity, and intangible costs such as a damaged reputation
- Identify potential vulnerabilities in the network, or in specific business-critical applications
- Manage vulnerabilities – Testing provides detailed information on the presence of actual and exploitable vulnerabilities, allowing you to eliminate the false positive results produced by scans, prioritize the remainder, and allocate resources to patching or remediation
- Prove due diligence – Satisfy regulators, shareholders and investors, and clients that you are providing the highest degree of security to their data
- Ensure regulatory compliance – Regular penetration testing is now a requirement under frameworks such as ISO 27001:2005, PCI DSS, and cyberinsurance policies. Ensuring compliance can eliminate the fines and liability that accompany non-compliance



