Scanning and Enumeration
Using automated tools and manual processes, we scan for exposed ports and services, known vulnerabilities, misconfigurations, and deviations from industry standards and best practices. We look for the vectors that could give an attacker the opportunity to access your networks, data, or users.
We can run a vulnerability assessment for a project as small as one web application or as large as your entire network. Just give us an estimate of how many and what kind of devices we’ll be evaluating, and if there is anything that is off-limits during the test.
Gaining Access, Privilege Escalation, Expanding Access
In this phase, we gain access by leveraging previously discovered vulnerabilities, just like an attacker would. Depending on the services you choose, we can attempt to gain access from the internet, from inside your network (like an insider threat), using social engineering against your personnel, or physically entering your facilities. We can also audit your security policies and review code exposed during this phase.
Red Team Assessment
Our experienced red team can emulate a specific threat, such as a nation state actor or cyber criminal organization, utilizing representative tools and techniques to survey and breach a network.
This process enables us to accurately assess the security of your network. We can then evaluate the capabilities and response of the cyber security personnel (blue team). After our assessment, we provide a detailed report containing findings along with actionable suggestions to help your teams correct security issues.
Remediation and Ongoing Support
Working Together to Improve Your Resilience
What good is a security assessment if you’re left without a resolution? If you opt for remediation verification, we will work with you and your team to verify that vulnerabilities are fixed and no longer usable by an aggressor. We will retest the issues we found in our original evaluation once you have had a chance to fix things up. We’ll also provide you with an updated report of our findings and suggestions.
Our work goes beyond merely identifying vulnerabilities – we provide clear, actionable remediation recommendations so you can resolve any issues to protect your organization. We can present these recommendations in a report, or in person. We can provide training to help you maximize the impact of what we’ve learned about your cyber security posture and help you to better prepare for the future.
If you are interested in ongoing 24/7 monitoring of your networks, we also offer Managed Security Services. This allows those same world-class cyber operators that conducted your Cyber Security Assessment to watch for threats as they emerge, and react before your organization becomes a cyber crime statistic.
Black Box, White Box, Red Team, Pen Test
No, this isn’t a Dr. Seuss book