How do you know if the defensive security measures you've taken are accomplishing what you need them to? Are there gaps and vulnerabilities that an attacker can take advantage of? If an attacker were able to access sensitive data on your network, what would the impact be? Lawsuits? Loss of intellectual capital? The best way to answer questions like these is a comprehensive penetration test.
Regardless of which type of penetration test you choose, they all begin with Discovery and Data Collection.
We collect data through various techniques and sources, including interviews, social engineering, systems and network reconnaissance, data analysis, and information provided by the client such as IP addresses, network diagrams, and application information. We then develop a plan of attack customized to your organization and penetration test type.
Types of Penetration Tests Sera-Brynn Offers:
External Network: This type of test is what most often comes to mind when discussing a penetration test. It involves identifying specific targets that are accessible from the internet and testing them using various tools and techniques in order to find vulnerabilities.
Internal Network: Similar to External Network, except that the test is executed from inside the business to identify vulnerabilities on the internal network and DMZ.
Web Application: Used to identify security vulnerabilities found in web-based applications. This type of test may be conducted against both internally and externally accessible web applications.
Wireless Network: The goal of this test is to assess the physical environment to identify and leverage unauthorized wireless access points and/or authorized wireless access points with weak security configurations and controls.
Social Engineering: Through a variety of techniques, this involves attempts to trick employees and business associates into revealing sensitive information such as system account data or any other sensitive data that might be leveraged to inflict harm to the business.
The steps below provide a general overview of the execution phase of penetration tests Sera-Brynn conducts:
We’ll go through the results with you and discuss our findings along with relevant techniques we used to exploit vulnerabilities. We will also provide recommendations on remediation solutions for any issues we uncover.
In addition to providing an understanding of what needs to be fixed and how, we believe it’s important to put the results of the penetration testing evolution in the context of business impact. For instance, finding a remote service that is still configured to accept the default factory login is easy to fix. But what kind of damage could an attacker cause by taking advantage of the vulnerability? Could it be leveraged to gain access to internal systems containing credit card data or intellectual capital? How might such a breach affect the bottom line (regulatory fines, litigation, etc.)? We’ll discuss all of this with you and ensure you’re left with a thorough understanding of the state of your security posture upon completion of our penetration testing effort.
Understand what your network or web applications look like to a hacker
Determine what attack vectors your business might be susceptible to
Find vulnerabilities that automated tools can't
Identify the potential financial impacts to the business if it is successfully attacked
Validate whether network defense measures are effective
Compliance requirements such as PCI require annual penetration tests
After a data breach, a penetration test will aid in recreating the circumstances under which the event occurred and verify that vulnerability remediations are effective
Sera-Brynn provided prompt turnaround, expeditious response, thorough communication, and exquisite service all around. Is able to easily transliterate technical threats into real-world business risk, digging deep when necessary to weed out potential unknown-unknowns and persistent threats. Would highly recommend their services to other financial institutions or anyone else serious about the security of their information assets.
Sera-Brynn did a fantastic job - very fast response time and able to bring in specialists and technologies I had never even heard of. Thanks to them I was able to recover quickly and avoid significant loss of clientele.