Enterprise Security Testing

Assessing the security posture through Enterprise Security Testing is one of many the steps necessary to protecting the organizations information assets. With the advent of new technologies and inherent interconnectivity, an entire digital frontier has become unharnessed. With these great conveniences and efficiencies new challenges are presented that increase the complexity of protecting sensitive information before it ends up in the hands of an adversary.

Enterprise Security Testing Service Offerings:

Vulnerability Testing & Assessment – Vulnerability testing and assessments examine the underlying systems and resources that make up the infrastructure. We search for vulnerabilities and weaknesses that may put the enterprise environment at risk. The vulnerability assessment will provide an organization with the discovery, analysis, and controlled exploitation of security vulnerabilities that are accessible from external and internal sources. Identified vulnerabilities are validated through both manual and automated processes to eliminate false positive findings.

Penetration Testing: Penetration tests help to truly quantify the impact of a real-world security incident or an attack against your environment. Leveraging the same tools and techniques as an attacker, penetration testing activities are performed to fully assess the effectiveness of the organization’s controls. Pondurance approaches penetration testing in a controlled manner by first coordinating with client personnel to identify the goals and objectives of the test, establishing rules of engagement, and expected end results. From an availability perspective denial-of-service (DoS) conditions are never intentionally pursued in penetration testing engagements. Finally, Pondurance consultants maintain constant communication via our secure portal so that everyone is aware of the activities as they unfold and are completed.

Secure Configuration Review: Pondurance reviews operating systems and network devices for configuration settings that align with industry best practices and vendor-recommended guidelines.

Security Architecture Review: This activity reviews a comprehensive list of the organization’s technical and strategic information security requirements, such as network design, access controls, environment assets, remote access, and monitoring, alerts, and reports of the underlying infrastructure. The architecture is then compared against best practices or requirements and any improvements or gaps are documented with recommendations to assist with alleviating the current risk.

Physical Security Testing: This service penetrates the physical security of a targeted facility through the identification of gaps and/or weaknesses in the facility’s physical security controls. This service includes the manipulation of locks, identification systems, and entryways.

Social Engineering: Social Engineering identifies gaps in your employee information security awareness training and pinpoints what changes to your business’s culture will need to be made to continue to conduct business in the modern world. Based on these needs, the following social engineering tests are available:
User Based: This uses various electronic communication mediums (email, telephone, social networking, etc.) to take advantage of the environment’s users in order to gain access to sensitive information or targeted data. Common scenarios include coordinated pre-texted calling scenarios and targeted email phishing campaigns.

Physical Based: A physical based social engineering test takes advantage of weaknesses in the physical security and your user’s security awareness training to attempt to gain unauthorized access to the facility and sensitive data assets.

Wireless Testing: Wireless testing provides examines security vulnerabilities and exposures within the targeted environment through the use of wireless radio analysis and configuration review. This service can target technology and implementation vulnerabilities, as well as user information security awareness.