Introduction: Information security services
Standards and Certifications

We adhere to the strictest and most respected standards in the industry, including:
- The National Institute of Standards and Technology (NIST)
- Open Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)

Our security experts possess the most advanced certifications for cyber security professionals, including:
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)

Even more important than certifications and standards are the experience and technical abilities needed to simulate real world attacks that our clients might encounter from cyber criminals, thereby eliminating security threats and providing an effective cyber security architecture.
Competitive Advantage

While automated tools have their place, they are no substitute for manual tests performed by experienced security professionals. Many companies claim to offer penetration tests when really what they are offering are automated vulnerability scans. These scans do not eliminate false positives and do not test an organization’s systems against a potential real world attack. A true penetration test exploits vulnerabilities and culminates in a report detailing what was accomplished and providing recommendations to eliminate the exploited security issues that would make the target organization susceptible to determined and skilled hackers.

Because new vulnerabilities are constantly discovered, our team carries out advanced attack strategies to give our clients a realistic perspective of where they stand when facing actual threats. As such, our solutions are optimally effective in securing a client’s systems from a breach. We offer a validation service after recommended changes have been made to ensure proper implementation.
Case Study - Medical Sector

We performed a black box penetration test for this client, simulating a real world external attack from a skilled hacker or group of hackers with no inside knowledge of the targeted organization. This penetration test resulted in a 94-page report, with the main security vulnerabilities being the following:
- Faulty configuration which would allow an attacker to gain access to the corporate network
- Vulnerabilities which would allow an attacker to install malicious software in the network
- Misconfiguration which would allow an attacker to gain remote access to internal machines and transfer information from the internal network
- Misconfiguration of the computers and servers which would allow total control over them

The IT team received a report detailing all these risks along with best practice recommendations. Consequently, they were able to implement the necessary changes in a quick and efficient manner, resulting in a strong cyber security architecture.
Case Study - Financial Services

A black box penetration test was carried out for this client. The company suffered from various common problems, including:
- A misconfiguration that exposed an internal database server directly to the Internet. Making matters worse, the database server was susceptible to remote code execution and memory corruption vulnerabilities. The combination of these vulnerabilities would have made it possible for an attacker to remotely take full control of the database server.
- Misconfiguration of remote access on multiple servers allowed for insecure communication and remote breach of the targeted systems.

Upon receiving the report, the IT team of our client was able to implement the required changes to secure their data and operations. A subsequent validation was conducted at the client’s request wherein we confirmed that the changes had been implemented successfully. We also created an information security policy to ensure company culture followed acceptable security protocols with minimal interference to day to day operations.

The financial and reputational consequences of a successful attack on their initial infrastructure would have been extremely severe and many multiples more expensive than hiring us.