Network Penetration testing
E Secure 360 simulate the actions of a malicious external user exploring the externally accessible infrastructure of your organisation using commercial and public software and tools. This will address a wide range of potential threat origins including Internet infrastructure, Web applications, Trusted third party connections. Voice over IP, Remote access. The most accurate method to evaluate your organization’s information security stance is to observe how it stands up against an attack. Our experts perform a simulated attack on your network to identify faults in your system, but with care to help ensure that your network stays online. We follow a structured methodology to ensure a thorough test of your entire environment and meet regulatory requirements as PCI DSS, GLBA, HIPAA, SOX, EU GDPR, ISO 27001, FISMA/NIST.
External Penetration Testing—From the Outside In
Our external penetration testing service includes iterative tests of your environment starting with the most general components working toward the most specific. Our expertise and proven methodology allow us to effectively model attack scenarios that highlight risk from the largest, most complex environments to the most simple.
Internal Penetration Testing—Addressing Internal Threats
Internal threats can be the most devastating that organizations face today. Internal corporate LAN and WAN environments allow users greater amounts of access, but usually with fewer security controls. Depending on your needs, we can facilitate an internal penetration test either using the traditional method of deploying consultants to your facility, or testing can be conducted remotely. Using either method you end up with a focused, iterative, manually based security test of your internal network infrastructure.
– Network Vulnerability Scan
– Validation Of Scan Results
– Most Exploitable Findings (Top 10+)
– Manual Pen Testing: Any Exploitable Vulnerabilities
– Vertical Escalation
– Horizontal Escalation
– Attack Chains
– Escalation To Adjacent Systems
– Client Side Attacks
– Custom Protocol Attacks
– Limited Phishing
– Escalation To Internal Network
– Findings Report
– Video Evidence
– Post-Test Debrief