720-891-1663

IT Infrastructure Technical Testing Services

NOTE: CyberCecurity offers a full range of both assessment and technical testing services. Our assessment services examine your strategic governance of risk management. The technical testing utilizes ethical hacker best practices to reconnoiter and/or attempt to penetrate your IT infrastructure--just like a hacker would. For more information about our ASSESSMENT services please go to: https://www.cybercecurity.com/assessments-and-testing

The IT infrastructure technical testing services are designed to actually TEST and/or monitor the quality of your IT infrastructure defenses. Our IT infrastructure technical testing services include:

  1. Vulnerability Testing
  2. Penetration Testing
  3. Physical Testing
  4. Social Engineering Testing
  5. External Attack Surface Testing (EAST)
  6. Open Source Intelligence Testing (OSINT)

IT infrastructure technical testing features include:

  1. Testing is carefully scoped to your company’s specific needs and requirements.
  2. Thorough testing prep is performed before testing begins.
  3. The team executes an agreed-upon menu of automated and manual tests that reduce cost and are designed to NOT interfere with your IT operations.
  4. Most tests are conducted externally with no access into your IT infrastructure required.
  5. Most testing is targeted at specific IP addresses and/or website domain addresses.
  6. All external and internal testing is performed by experienced, vetted, insured, and well-supervised professionals following ethical testing best practices.
  7. Documentation follows testing best practices and test reports are designed to provide understandable, prioritized, and actionable results for both executives and IT personnel.
  8. Mitigation support is available if desired.

The following IT infrastructure technical testing options are available:

Vulnerability Testing: (Delivery time: approx. 2-4 weeks) Vulnerability testing is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. Typically, vulnerability testing consists of both automated and manual processes. Vulnerability testing is also referred to as “vulnerability scans” and “vulnerability assessments.”

Types of vulnerability testing available to you: Network, application, mobile, database, host-based, wireless network. Also note that there is EXTERNAL testing and INTERNAL testing. External is when we simulate an attacker that is not in your system yet and who is reconnoitering your system prior to a penetration attempt. Internal is when the tester is already inside your system and is trying to move laterally within your system.


Penetration Testing: (Delivery time: approx. 30-60 days) A primary difference between penetration testing and vulnerability testing is that penetration testing is more aggressive and attempts to breach your systems’ external and internal defenses. Penetration testing is also referred to as “ethical hacking.”

Penetration testing attempts to exploit vulnerabilities identified during vulnerability testing. Penetration testing consists of both automated and manual processes, but depending on the situation, more manual processes will be employed. The same types of tests are available for penetration testing as for the vulnerability testing described above.


Physical Testing: (Delivery time: approx. 2-4 weeks) Also referred to as “cyber-physical security tests,” “red teaming” or “physical penetration testing,” these are primarily manual tests of your company’s physical security. They evaluate things like video security, alarm systems, visitor monitoring, work area security, etc. They also look at things like “can the after-hours cleaning personnel get access to our systems and data?”


Social Engineering Testing: (Delivery time: approx. 2-4 weeks) Social engineering refers to all techniques aimed at tricking or manipulating a target into revealing specific information or performing a specific action for illegitimate reasons. Social engineering is at the core of ransomware and other popular email “phishing” attacks. Common social engineering attacks include phishing, vishing, pretexting, baiting, quid pro quo, tailgating, and CEO fraud.


External Attack Surface Testing (EAST): (Delivery time: TBD) EAST testing shares some commonalities with vulnerability testing in that both types of test are probing you EXTERNALLY and collecting information. EAST goes a bit further by continuously monitoring the communications between your company and external sources and warning you of known and possible threats.


Open Source Intelligence Testing (OSINT): (Delivery time: approx. 2-4 weeks) OSINT is a manual and automated process of intelligence gathering on the open and dark webs for posted/public information related to individuals and companies that can be used for attack. This intelligence gathering process includes social media platforms.


For more testing and pricing information please contact:

Ray Hutchins, Managing Partner
CyberCecurity
rh@cybercecurity.com
303-887-5864

Common question: My CIO is in favor of bringing in a consulting firm to assess our security program following a series of minor security incidents. I'm reluctant to do so because I think it will only serve as a distraction. Should I hold firm, or find a way to work with the consultants, and if so, what's the best way to do so?