Advisory Services

Pondurance serves as a trusted security advisory. Our combination of technology and services can help you meet today’s complex compliance, risk, and security demands.  Pondurance works closely with clients to both prove and improve their security. Whether you need assistance with PCI DSS or HIPAA compliance or ongoing virtual CISO services, we can help you mature your security and compliance programs.

Incident Response Planning

Pondurance helps organizations both review and develop Security Incident Response Plans to ensure that procedures are comprehensive, actionable and robust. Our methodology ensures our clients have IR plans that cover:

Establish management commitment, organizational accountability, and allocation of resources to prepare.

Pondurance will develop procedures to help contain damage and restore affected systems to their normal operating state.

Pondurance will help develop procedures focused on the removal of threats from infected systems. Pondurance may recommend eradication procedures that are designated for internal execution and others that may be best executed by third parties (e.g., forensic analysis, memory scraping and analysis, system cleaning).

Pondurance will develop procedures that provide a basis of recovery for minimum or normal operations.

Pondurance will develop a process for validating the plan, facilitating tabletop exercises and a lessons learned process from real world events.

Security Testing

Pondurance offers both external and internal testing. External testing is designed to represent the visibility and access that an external threat would have and is performed from the Pondurance Penetration Testing Laboratory. Internal testing is designed to represent a malicious insider or an attacker that has gained a foothold in the network via techniques such as phishing, malware, or stolen credentials. The combination of these two methodologies provides enhanced insight into an organization’s defenses.

Penetration Testing

Information Gathering

Perform comprehensive discovery and enumeration procedures to target pertinent internal address ranges. Establish a baseline of services to manually test for common configuration issues and vulnerabilities.

Verification & Manual Testing

All identified vulnerabilities are reviewed and validated to remove false positives. Human-driven manual testing procedures are executed to identify flaws not easily identified with automated tools. Penetration testing is performed against identified vulnerabilities to evaluate the effectiveness of security controls. 

Vulnerability Discovery

Perform detailed security analysis and vulnerability scanning using a comprehensive suite of tools.

Application Security Testing


Dynamic Application Testing​

Pondurance performs detailed application security analysis and vulnerability scanning using a comprehensive suite of tools. The testing encompasses the various tiers of the application architecture to provide a deep assessment of critical applications. Areas of testing include, but are not limited to:

  • OWASP Top 10
  • Verification & Manual Testing


Static Application Security Testing

Pondurance will analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. Our SAST services analyze an application from the “inside out” in a non-running state, via:
 
  • Information Gathering & Isolation
  • Automated Methods Verification & Manual Review

Red Team Exercise (Physical Penetration Testing)

Pondurance can help validate both digital and physical security and ensure that your organization has a clear understanding of risk. Whether the engagement begins with spearphishing an employee or attempting to enter facilities, all scenarios are first discussed with the client during a “Rules of Engagement” meeting. This ensures expectations are met and techniques are approved.

Some in-scope procedures for the Physical Penetration Testing include:

  • Covert Facility Surveillance
  • Attempts to Gain Unauthorized Entry (RFID Cloning, Lock Picking, etc.)
  • Secure Access via Tailgating
  • Credential Forgery/Impersonation
  • Unauthorized Access to Sensitive Materials
  • Clean Desk Check

Assessments and Compliance


With our extensive background in assessments, penetration testing, and auditing, we help organizations improve their security stance over time by locating vulnerabilities and configuration weaknesses. These assessments examine the underlying infrastructure, people, and technologies to identify vulnerabilities that pose a risk to the organization.


Compliance Framework Assessments


Technical (Risk) Assessments


Third Party Risk Assessments

A System That Delivers

Cyber security technology has improved, but bad actors continue to evolve. The requirements for effective cyber defense have grown beyond traditional data and system security solutions. What worked five years ago no longer covers the complexity of modern threats. As threat actors develop new ways to expose vulnerabilities and exploit businesses, cyber security teams are stretched to keep their organizations safe, stable, and resilient against attacks. At Pondurance, it’s our job to know the threat so we can provide the best service and protection to our clients.