Examining security vulnerabilities and attempting to exploit them is a key line of defense in protecting your organization from breaches.
You may think your infrastructure is protected…
You may think your infrastructure is protected, but those with malicious intent are continuously looking to exploit weaknesses. While vulnerability scans and automatic updates reduce your risks, the only way to know how your infrastructure would react in the event of an attempted attack is to conduct penetration testing.
Using ethical hackers
TECH LOCK® employs trained, certified experts as ethical hackers to search for weaknesses in infrastructure (hardware), applications (software) and people to proactively correct deficiencies before you experience a breach.
Types of testing
Most penetration tests include network and application penetration testing as standard.
Web application penetration testing includes identifying and exploiting SQL injection flaws and combining with other methods such as social engineering in cross-site scripting and cross-site request forgery attack.
Social engineering involves human interaction. Examples include phishing emails and telephone calls used to obtain credentials and access to internal systems.
Premise/ Physical Security
A network can be technically secure but physically vulnerable. Regularly testing physical security controls can be just as important as a network penetration test.
Degree of information provided
TECH LOCK experts are equipped to test with a range of provided client information:
Tester begins with full knowledge of the target, including firewalls.
A limited amount of information is available.
Nothing is provided beyond the organization’s name.
Increasing penetration testing requirements
PCI DSS requires organizations to annually conduct both internal and external tests. Starting Jan. 31 2018, service providers using network segmentation to reduce the scope of their PCI environment must additionally have a penetration test to validate their network segmentation conducted every six months.
With so many providers, why choose TECH LOCK?
• Testers receive industry-leading training, including SANS GPEN and Offensive Security.
• Rules of engagement are carefully defined to provide a professional, safe penetration test.
• TECH LOCK models activities of real-world attackers.
• TECH LOCK seeks vulnerable spots in systems and exploits weaknesses under controlled conditions.
• Test helps determine risk and potential business impact.
• TECH LOCK helps organizations prioritize resources to improve security.
• TECH LOCK offers several types of penetration tests.
TECH LOCK helps many organizations decrease their risks through penetrating testing.