fbpx
Solutions

Advisory Services

Pondurance serves as a trusted security advisory. Our combination of technology and services can help you meet today’s complex compliance, risk and security demands.  We will work closely with you to prove and improve your security. Whether you need assistance with Payment Card Industry Data Security Standard (PCI DSS) or HIPAA compliance or ongoing virtual Chief Information Security Officer services, we can help you mature your security and compliance programs.

Incident Response Planning

Pondurance can help your organization to review and develop security incident response plans to ensure that your procedures are comprehensive, actionable and robust. Our methodology ensures that you have incident response plans that cover:


solutions_AR_preparation_ico

Preparation

Establish management commitment, organizational accountability and allocation of resources to prepare.



solutions_MDR_360_ico

Identification

Identify and detect an incident as soon as possible.



solutions_IR_containment_ico

Containment

Develop procedures to help contain damage and restore affected systems to their normal operating state.



solutions_IR_eradication_ico

Eradication

Help develop procedures focused on the removal of threats for infected systems. Pondurance may recommend eradication procedures that are designated for internal execution and others that may be best executed by third parties (i.e., forensic analysis, memory scraping and analysis, system cleaning, etc.).



solutions_IR_recovery_ico

Recovery

Develop procedures that provide a basis of recovery for minimum or normal operations.


solutions_AR_learning_ico

Learning

Develop a process for validating the plan, facilitating tabletop exercises and adopting a lessons learned process from real-world events.

Security Testing

Pondurance offers external and internal testing. External testing is designed to represent the visibility and access that an external threat would have and is performed from the Pondurance Penetration Testing Laboratory. Internal testing is designed to represent a malicious insider or attacker who has gained a foothold into the network via techniques such as phishing, malware or stolen credentials. The combination of these two methodologies provides enhanced insight into an organization’s defenses.

Penetration Testing

Information gathering

Perform comprehensive discovery and enumeration procedures to target pertinent internal address ranges. Establish a baseline of services to manually test for common configuration issues and vulnerabilities.

Verification and manual testing

Review and validate all identified vulnerabilities to remove false positives. Human-driven manual testing procedures are executed to identify flaws not easily identified with automated tools. Penetration testing is performed against identified vulnerabilities to evaluate the effectiveness of security controls. 

Vulnerability discovery

Perform detailed security analysis and vulnerability scanning using a comprehensive suite of tools.

Application Security Testing



solutions_AR_dast_ico

Dynamic application testing​

Pondurance performs detailed application security analysis and vulnerability scanning using a comprehensive suite of tools. The testing encompasses the various tiers of the application architecture to provide a deep assessment of critical applications. Areas of testing include, but are not limited to:

  • OWASP Top10
  • Verification and manual testing



solutions_AR_sast_ico

Static application security testing (SAST)

Pondurance will analyze your application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. Our SAST services analyze an application from the “inside out” in a nonrunning state via:
 
  • Information gathering and isolation
  • Automated methods verification and manual review

Red Team Exercise (Physical Penetration Testing)

Pondurance can help validate both digital and physical security to ensure that your organization has a clear understanding of risk. Whether the engagement begins with spear-phishing an employee or attempting to enter facilities, we’ll first discuss all scenarios with you during a rules of engagement meeting. This discussion ensures that your expectations will be met and our techniques are approved.

Some in-scope procedures for the physical penetration testing include:

  • Covert facility surveillance
  • Attempts to gain unauthorized entry (RFID cloning, lock picking, etc.)
  • Secure access via tailgating
  • Credential forgery/impersonation
  • Unauthorized access to sensitive materials
  • Clean desk check

A System That Delivers

Cybersecurity technology has improved, but bad actors continue to evolve. The requirements for effective cyber defense have grown beyond traditional data and system security solutions. What worked five years ago no longer covers the complexity of modern threats. As threat actors develop new ways to expose vulnerabilities and exploit businesses, cybersecurity teams are stretched to keep their organizations safe, stable and resilient against attacks. At Pondurance, it’s our job to know the threat so we can provide you with the best service and protection.