Penetration Testing

Professional external network security assessments always start with vulnerability identification at the network perimeter. Sword & Shield then examines and analyzes network security safeguards to ensure appropriate security procedures, controls and policies are in place and effective. We have developed an expert methodology and proprietary tools to perform in-depth, customized security reviews that produce vital data for reducing risk. Our external network security testing service includes:

• Vulnerability Assessment – automated testing evaluates specific systems and individual devices for known weaknesses; Sword & Shield then manually reviews results to eliminate false positives.
• Penetration Testing – using vulnerability assessment results, our analysts attempt to bypass identified security weaknesses; we can determine how a system may be compromised and where additional safeguards are needed.
• Security Auditing – validates that there is a functional security mechanism for every security requirement.

Our Methodology for External Network Security Testing

Our objective is to examine the subsystems, components and security mechanisms of the external, Internet-facing network infrastructure and identify security weaknesses. Sword & Shield analysts are highly experienced and skilled, and will work with clients to create the most suitable test plan. We can perform external security testing remotely, and use a variety of scanning tools in combination to improve the accuracy of test results and produce sound, actionable recommendations. In most cases, finding vulnerabilities is only the first step. To prevent a security breach, our analysts think like hackers by devising penetration test plans to exploit one or more weaknesses found during vulnerability discovery. If we are able to penetrate the perimeter defenses, we notify the client immediately and leave behind non-harmful evidence.

Sword & Shield’s approach to external network vulnerability assessments and penetration testing consists of eight key stages:

1. Security Architecture Review
2. Vulnerability Analysis Test Plan
3. Network Mapping and Data Collection
4. Threat Model Identification
5. Vulnerability Identification
6. Penetration Testing
7. Analysis and Reporting
8. Vulnerability Reporting Tool (VuReTo™) – our proprietary tool for consolidating vulnerabilities from different vulnerability scanning programs

Questions Our Report Will Answer

• What are the most critical vulnerabilities that threaten the security of my perimeter defenses?
• What is the probability that a hacker could penetrate my perimeter and gain access to my data?
• Do I have unauthorized hosts on my network?
• How do I prioritize the vulnerabilities found, create a plan for improvement and get budget approved?

Security Testing results and analysis are presented in a comprehensive report. The report details the vulnerabilities present and/or exploited in the network, network devices and specific systems. The impact of vulnerability exploitation is discussed and may be used as input for further risk analyses. In addition to describing the current security posture, we provide recommendations for safeguarding systems, including tools, policies, procedures and information sources.

Real Success Story

During the course of an external Network Vulnerability Assessment (NVA) and Penetration Test (PT) for a mid-size insurance company, Sword & Shield analysts discovered a log-in prompt on an Internet-facing host. Upon further inspection, Sword & Shield identified a short string of text which is commonly associated with a specific type of system. Using a list of known accounts found on the Internet that are commonly associated with the system, Sword & Shield was able to successfully log in. Then the Sword & Shield team used a search tool included in the system to collect the full name, date of birth, social security number and home address of hundreds of the insurance company’s clients.

Based on Sword & Shield’s findings, the insurance company immediately disabled all of the default accounts and removed the short string of text provided within the log-in prompt. Sword & Shield’s external NVA/PT helped the insurance company correct a critical vulnerability which could have resulted in a malicious Internet-based threat collecting sensitive client data for identity theft.

Find Out More

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or contact us by phone so we can begin securing your future.

U.S. Toll-free: 800-810-1885

International: 865-244-3500

Request a Consultation

Name *
Company
Email *
Phone *
State	Select a StateAlabamaAlaskaArizonaArkansasCaliforniaColoradoConnecticutDelawareDistrict of ColumbiaFloridaGeorgiaHawaiiIdahoIllinoisIndianaIowaKansasKentuckyLouisianaMaineMarylandMassachusettsMichiganMinnesotaMississippiMissouriMontanaNebraskaNevadaNew HampshireNew JerseyNew MexicoNew YorkNorth CarolinaNorth DakotaOhioOklahomaOregonPennsylvaniaRhode IslandSouth CarolinaSouth DakotaTennesseeTexasUtahVermontVirginiaWashingtonWest VirginiaWisconsinWyoming
How can we help you today?
Spam Protection	Type this:
Sales answers requests within 1 business day and usually within a few hours.