Penetration Testing Services
It's no secret that cyber-attacks are becoming more common and that cyber criminals are here to stay. Total annual losses are in the billions of dollars, with hackers increasingly targeting small and medium-sized firms. Asgard Cyber Security’s pen testing services identify vulnerabilities before hackers do. Count on Asgard Cyber Security as your first line of defense against data breaches.
At Asgard Cyber Security, we believe that one size does not fit all. One of our strongest differentiators is that we create a bespoke pen test protocol with each client at the outset of our engagement. We spend time creating the plan with our clients’ IT staff or MSP in order to gain the maximum results from the test.
Many test providers utilize automated “boiler plate” tactics. Asgard conducts a fully manual test that is 100% designed to simulate how a real adversary would attempt to infiltrate your network. This enables our clients to see what could happen “in real life” based on your current level of security.
Every Penetration Tester at Asgard has a minimum certification of Offensive Security Certified Professional (OSCP) -- this ensures that you will have a capable hacker that is performing the penetration testing service. In addition, our CTO, Michael Hotchkiss (OSCP, OSCE, CISSP), reviews EVERY test at key milestones to provide insight or guidance. Our penetration testers will also be available to you to provide details and recommendations during our post-test debriefing.
What is a penetration test?
A penetration test is a targeted attack of your environment using tools and methods that cybercriminals currently employ in the real world. However, unlike a real attack, our penetration tests make every effort NOT to harm your environment or disrupt your normal business operations. A good penetration test not only determines what vulnerabilities you may have, but also demonstrates how an attacker might exploit a vulnerable device to infiltrate your entire network and valuable data. The goal of a penetration test should be to test your organization's ability to detect and block malicious activity, and to determine your organization's response to a real cybersecurity incident.
5 Step Penetration Testing Process
While Asgard customizes each pen testing engagement, our team does follow a proven process beginning with a pre-testing interview to identify the desired scope and goals. We then follow a five-step testing process:
- Information gathering: Our penetration testers gather as much data as possible about your environment.
- Enumeration: We examine your network to locate possible targets and vulnerabilities.
- Rules of Engagement document: We define goals, parameters, objectives, ‘off limits’ with the clients to ensure alignment and maximize findings.
- Penetration: Our testers mimic a real-world attack on identified low-value and high-value targets, ensuring that we do not impact your normal business operations.
- Reporting: We share our test findings with you, communicating specific details and suggesting ways to resolve any security issues. These reports are detailed and audit-ready.
Our specialists conduct both black-box and white-box penetration testing to simulate attempted breaches from both inside and outside your networks. Besides conducting these tests and trying to exploit potential weak spots, we also explain how real-world hackers can accomplish the sample objectives.
The goal of Asgard's penetration testing services is to empower our clients with knowledge and insights. Our team will focus on testing current security measures in order to make recommendations to help you revise policies and allocate resources and future security budget in the most effective way.
Criminals Keep Evolving. Evolve Faster....with Asgard Cyber Security.
Black Box Penetration Testing Services
What is Black Box Penetration Testing?
A black box pen test simulates an attack from an unknown source with no internal knowledge of your environment. This type of test is ideal for organizations with internet-facing services such as websites, web applications, and remote work environments like Citrix or remote desktops.
Our team will use available resources on the internet and other techniques to attempt to gain access. This type of attack is uniquely tailored to your environment and should demonstrate what a remote hacker may attempt to do using modern techniques.
White Box Penetration Testing Services
What is White Box Penetration Testing?
A white box pen test simulates an attack from a person with internal access to your environment. According to a recent article "https://digitalguardian.com/blog/insider-outsider-data-security-threats", most security experts believe the greatest threat to your data comes from the inside. An internal breach may be caused by a disgruntled employee with an axe to grind, or just as easily by someone who unintentionally clicks on a phishing link. The likelihood and severity of an attack originating from the inside cannot be overstated.
With a White Box penetration test, you decide the internal level of access to see how far our team of professional hackers can go. This access can be as little as a network connection on the corporate network, but most typically is it a standard "domain user" account that should have limited access to sensitive resources.
What can I expect from a penetration test with Asgard Cyber Security?
1. Pre-test interview with stakeholders
Before we begin our tests, we work with your organization to determine the Rules of Engagement, Scoping (which hosts to target or exclude), points of contact, timelines, milestones, and discuss any network or infrastructure details. This interview is usually limited to the IT department head and/or executives, as a large part of the test results depend on your team's response to our simulated attacks. During this meeting, we will discuss any NDA's or Waivers that may need to be signed.
2. Penetration Test
- Information Gathering
Our penetration testers will use various methods to gain information about your network, hardware, company, applications, and users. This information will be documented and potentially used during other phases of the test.
At this point in the test, Asgard penetration testers will scan your network and determine targets and vulnerabilities.
This phase is where Asgard penetration testers will attempt to exploit vulnerabilities found and gain control of your company's resources. This can include exploiting unpatched vulnerabilities in software, cracking passwords, and pivoting from low value targets to high value targets. During these tests, we are careful to ensure business operations are not impacted.
After our tests, we will compile an exhaustive report of our findings, along with recommendations to make your environment more secure. At this time, the Asgard penetration tester is made available to your IT team to go over specific details of the report to make certain your team understands the issues, and more importantly, how to resolve them.