Managed Penetration Testing

There are a lot of different ways that penetration testing is described, conducted and marketed.  Often confused with conducting a “vulnerability scan”, “compliance audit” or “security assessment”, penetration testing stands apart from these efforts in a few critical ways

A penetration test is designed to answer the question: “What is the real-world effectiveness of my existing security controls against an active, human, skilled attacker?” We can contrast this with security or compliance audits that check for the existence of required controls and their correct configurations, by establishing a simple scenario:  Even a 100% compliant organization may still be vulnerable in the real world against a skilled human threat agent.

A penetration test allows for multiple attack vectors to be explored against the same target. Often it is the combination of information or vulnerabilities across different systems that will lead to a successful compromise. While there are examples of penetration testing that limit their scope to only one target via one vector (example, a web application pen test conducted only from the point of view of the Internet browser), their results should always be taken with a grain of salt:  while the test may have provided valuable results, its results are only useful within the same context the test was conducted. Put another way, limiting scope and vector yields limited <em>real-world</em> understanding of security risk.

Covert External Penetration Testing

External Penetration audits and rigorous tests are valuable in determining whether identified technical vulnerabilities might be exploited in an attempt to gain access into your internal network. Stealth Cyber Covert External Penetration Testing provides independent, third-party verification of an organization’s internet presence. we have 10 Pen testers in-house available 24/7

Social engineering techniques employed by our  Cyber Security SOC Team will determine the extent to which internal users may represent an exploitable vulnerability to your organization’s security.

Our External Penetration Test will evaluate compliance with PCI Penetration Testing Requirements and provide a report including prioritized recommendations. The final Vulnerability assessment will include detailed & prioritized recommendations for strengthening your network security.

Web Application Penetration Testing

Web Applications present a potentially exploitable risk to your organization’s network. Ensure they are properly tested for possible vulnerabilities and Bugs with our Managed Web Application Penetration Testing services

Our SOC Cyber security methodology determines if vulnerabilities exist in an application by testing application workflow, platform and host server. Controlled attacks are performed against reported vulnerabilities and a final report will identify prioritized remediation needs.

Although web applications should ideally be tested before launch, we can conduct a penetration test on live applications as well. The final report will include prioritized recommendations for strengthening your web application.

Stealth SOC SCADA Security Assessment

Supervisory Control and Data Acquisition (SCADA) systems are used to monitor and control operations of public and private utilities – and more. Malicious exploitation of these systems can have significant and serious consequences for critical infrastructure services that the public relies on in their everyday lives.

Our comprehensive SCADA Security Review methodology includes vulnerability scans performed in ‘safe mode’, carefully coordinated with your technical contact so as not to disrupt performance. The ICS assessment covers 16 network security domains including workstations, Programmable Logic Controllers (PLCs), communication infrastructure, and policies and procedures.

A final comprehensive report will be delivered to you, allowing you to potentially increase automation, reduce your system management costs, and increase control capabilities – in the most secure environment possible. The final report will include prioritized recommendations for strengthening your network.

Network Vulnerability Scanning

New vulnerabilities are discovered daily that could leave your network open to malicious attacks. By ensuring that you are aware of these vulnerabilities before your network is affected, you will be able to take immediate corrective action to protect your IT systems.

We offer both one-time and ongoing scheduled vulnerability scanning and Managed Pen testing on demand, based on your unique business needs.

The final report will include prioritized recommendations for strengthening your network.

Network Security Assessment – Small/Remote Network

Networks of all sizes need to be adequately secured – hidden vulnerabilities can cause immeasurable damage to your organizations information and resources, creating many problems that may not be immediately apparent.

Small or remote networks can carry out a cost-effective security assessment by installing an appliance provided by Stealths  Cyber SOC Team The appliance is designed to perform a vulnerability assessment without the need for an on-site Security Specialist, making this an affordable choice for smaller or remote networks.

The final report will include prioritized recommendations for strengthening your network security and your assets.

Wireless Pen testing

Is your wireless network secured against roaming attacks, rogue access points, WiFI-Phishing, and network resource theft? Our Wireless Security Review will assess authentication, encryption, and authorization mechanisms, access controls and rogue access points. The overall design of your network will be assessed against industry and vendor best practices.

The final report will include prioritized recommendations for strengthening your network.

Physical Security test and Parimeter testing

A Physical Security Assessment provides an independent verification of the physical security measures implemented by an organization to protect its employees, assets and sensitive data.

Verification of policy compliance, implemented security controls, identification of gaps, evaluation of risks, and prioritized remediation report.

Defensive Social Engineering

Social engineering / phishing techniques will determine the extent to which internal users may represent an exploitable vulnerability to your organization’s security.

A social engineering test is included in all our Standard Pen Tests standard external penetration test process but can also be an independent engagement.