Customers often refer to this service by many names, including Penetration Testing, Intrusion Testing, Ethical Hacking, Vulnerability Assessment, and Internal/External IT Security Audits.
At Sword & Shield, we have developed an expert methodology and proprietary tools to perform in-depth security reviews for reducing your network’s risk. Our internal/external network security testing service includes the following.
- Vulnerability Assessment – Automated testing evaluates specific systems and individual devices for known weaknesses. Sword & Shield analysts then manually review the results to eliminate any false positives.
- Penetration Testing – Using the vulnerability assessment results, our analysts attempt to use the identified security weaknesses to bypass system controls. This assists the analysts in determining how a system may be compromised and where additional safeguards are needed.
- Security Auditing – The security audit process will evaluate if there is a functional security mechanism in place for every security requirement.
Penetration Testing for Compliance
Some of our customers want a penetration test to satisfy their internal security standards. Others need a penetration test for compliance reasons. For customers seeking regulatory compliance we can provide a penetration test as part of a comprehensive compliance solution for healthcare, PCI, and Experian EI3PA.
|PCI DSS Requirement 11.3.1 requires the performance of a network-layer penetration test at least once a year and after any significant infrastructure upgrade or modification.|
Our Approach to Internal/External Network Security Testing
Our objective is to examine security weaknesses in your Internet-facing network infrastructure. Sword & Shield analysts are experienced and highly skilled. We work with the client to create the optimal test plan. We can perform internal/external security testing remotely to reduce travel and lodging expenses. Our security engineers use a variety of scanning tools to improve the accuracy of the test results,to produce sound and actionable recommendations.
Key Testing Stages include:
- Security Architecture Review
- Vulnerability Analysis Test Plan
- Network Mapping and Data Collection
- Threat Model Identification
- Vulnerability Identification
- Penetration Testing
- Analysis and Reporting
- Gauntlet™ is our proprietary platform for aggregating and correlating identified vulnerabilities across multiple security tools to produce actionable reports.
Questions Our Report Will Answer
- What are the most critical vulnerabilities that threaten the security of my perimeter defenses?
- What is the probability that a hacker could penetrate my perimeter and gain access to my data?
- Do I have unauthorized hosts on my network?
- How do I prioritize the vulnerabilities, create a plan for improvement and get the budget approved?
Real Success Story
Sword & Shield analysts were conducting an external Network Vulnerability Assessment (NVA) and Penetration Test (PT) for a mid-size insurance company. They discovered a log-in prompt on an Internet-facing host. Upon further inspection, they identified a short string of text which is commonly associated with a specific type of system. Using a list of known accounts found on the Internet that are commonly associated with the system, they were able to log in successfully. Next they used a search tool, included in the system, to collect: the full name, date of birth, Social Security Number, and home address of hundreds of the insurance company’s clients.
Based on the findings of the Sword & Shield team, the insurance company was able to correct the problems immediately. They disabled all of the default accounts and removed the short string of text provided within the log-in prompt. This is just one example of how the Sword & Shield external NVA/PT quickly helped an insurance company correct a critical vulnerability.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885