Pondurance serves as a trusted security advisor. Our combination of technology and services can help you meet today’s complex compliance, risk and security demands. We will work closely with you to prove and improve your security. Whether you need assistance with Payment Card Industry Data Security Standard (PCI DSS) or HIPAA compliance or ongoing virtual Chief Information Security Officer services, we can help you mature your security and compliance programs.
Incident Response Planning
Pondurance can help your organization to review and develop security incident response plans to ensure that your procedures are comprehensive, actionable and robust. Our methodology ensures that you have incident response plans that cover:
Pondurance offers external and internal testing. External testing is designed to represent the visibility and access that an external threat would have and is performed from the Pondurance Penetration Testing Laboratory. Internal testing is designed to represent a malicious insider or attacker who has gained a foothold into the network via techniques such as phishing, malware or stolen credentials. The combination of these two methodologies provides enhanced insight into an organization’s defenses.
Perform comprehensive discovery and enumeration procedures to target pertinent internal address ranges. Establish a baseline of services to manually test for common configuration issues and vulnerabilities.
Verification and manual testing
Review and validate all identified vulnerabilities to remove false positives. Human-driven manual testing procedures are executed to identify flaws not easily identified with automated tools. Penetration testing is performed against identified vulnerabilities to evaluate the effectiveness of security controls.
Application Security Testing
Pondurance performs detailed application security analysis and vulnerability scanning using a comprehensive suite of tools. The testing encompasses the various tiers of the application architecture to provide a deep assessment of critical applications. Areas of testing include, but are not limited to:
- OWASP Top 10
- Verification and manual testing
- Information gathering and isolation
- Automated methods verification and manual review
Red Team Exercise (Physical Penetration Testing)
Pondurance can help validate both digital and physical security to ensure that your organization has a clear understanding of risk. Whether the engagement begins with spear-phishing an employee or attempting to enter facilities, we’ll first discuss all scenarios with you during a rules of engagement meeting. This discussion ensures that your expectations will be met and our techniques are approved.
Some in-scope procedures for the physical penetration testing include:
- Covert facility surveillance
- Attempts to gain unauthorized entry (RFID cloning, lock picking, etc.)
- Secure access via tailgating
- Credential forgery/impersonation
- Unauthorized access to sensitive materials
- Clean desk check
A System That Delivers
Cybersecurity technology has improved, but bad actors continue to evolve. The requirements for effective cyber defense have grown beyond traditional data and system security solutions. What worked five years ago no longer covers the complexity of modern threats. As threat actors develop new ways to expose vulnerabilities and exploit businesses, cybersecurity teams are stretched to keep their organizations safe, stable and resilient against attacks. At Pondurance, it’s our job to know the threat so we can provide you with the best service and protection.