OUR SERVICES
Penetration Testing
Penetration testing allows an MSSP to actively see — by way of attack simulation — where the vulnerability points in your organization's technology infrastructure.
HOW IT WORKS
OUR PROCESS
Penetration testing allows a Managed Security Services Provider (MSSP), like us, to actively see — by way of cyber-attack simulation — where the vulnerability points in your organization’s technology infrastructure. It can be an extension of vulnerability scanning — taking the known vulnerabilities and exploiting them in a testing environment to see the level of potential damage they can have on a company’s network.
Do It Again: Penetration testing isn’t a “one and done” thing. We regularly review and update the scope and methodologies of the penetration test to adapt to new threats and vulnerabilities. We conduct follow-up tests to ensure that previously identified vulnerabilities have been effectively mitigated. It’s a “rinse and repeat” process for every network.
Click on the section headers below to read more about each step of our process:
1. Define
The first step of penetration is defining what will be tested and what methods and tools will be used. We clearly specify which parts of your network are in scope and which are out of scope. We determine the level of access that the penetration test will have, such as user-level or administrative access.
2. Analyze
During the analysis phase, we clearly identify all the specific assets, systems, and networks that will be tested, including their potential vulnerability points. We then use tools and techniques to identify potential vulnerabilities in those systems and networks within the defined scope. We also evaluate the severity and potential impact of identified vulnerabilities. These two phases occur prior to the exploitation phase, allowing us to have a documentation of your networks structure which helps us to determine the best ways to go about testing your network.
3. Exploit
It’s go time! We conduct simulated infiltration tests that exploit identified vulnerabilities, simulating real-world cyber-attack scenarios. The information that’s provided — including whether or not the simulated attack was successful — allows us to see the potential penetration points. We then assess the potential damage and impact of successful exploitation.
4. Report
After we review the findings, we provide a detailed report of all identified vulnerabilities, including the methods used to exploit them and the potential impact. But, we don’t leave it there. We offer actionable recommendations for mitigating identified risks and improving overall security and how we can help attack some of those action items.