CoNetrix Security's external penetration testing services are developed to mirror actions taken by potential adversaries, including establishing an initial footprint of the network, detecting and validating vulnerabilities and configuration issues and, where appropriate, exploiting vulnerabilities to provide explicit proof of the associated risk and attack complexity.
Benchmark coverage includes:
Our benchmark engagement is an annual External Penetration Test with three Internet Exposure and Vulnerability Assessments (IEVAs) performed quarterly throughout the year.
Need more frequent testing? Contact your account representative.
If exploitation is achieved during the External Pen Test, post-exploitation testing can be performed to provide more in-depth context about the associated risks and potential impact of the identified exploit.
We will attempt to use the exploit for additional data gathering, pivoting to other systems, and network reconnaissance. The additional testing provides a stronger understanding of the compromised system's value and may help identify evidence of previous compromises.
When an exploit is discovered, post-exploitation testing would require the customer's permission and would be performed at an hourly rate defined in the pen test agreement.
External Pen Tests can be expanded to include additional coverage, such as:
Our clients view CoNetrix Security as their valued partner in information security. Our testing methodology is based on open communication, collaboration, and relationships.
Because this is an annual engagement, you can call us during the balance of the year following your testing with questions about findings, questions regarding IT regulatory exams, etc.
Easy-to-read reports present findings sorted by associated risk. Reports include detailed remediation recommendations and a personal review with an information and cyber security expert.
Our clients are provided with a complimentary subscription to Tandem Security and Compliance Software® Audit Management Lite. Findings are populated in the software, facilitating the formal response process to any exceptions.
Adversarial Perspective: Much more substantial than an automated scan, we offer red team perspective, observation, and experience to help identify vulnerabilities and exploitations.
Comprehensive Engagements: We offer comprehensive exploitation-based penetration tests, not just a single port scan. In-depth testing is performed using multiple tools from different perspectives.
Knowledge and Experience: Our pen test engineers hold numerous security certifications, such as OSCP, CEH, CISSP, SSCP, CISM, CISA, and other Microsoft and Cisco security specializations.
CoNetrix Security recognizes each company varies in size and complexity. Our pen testing options are designed to be modified to fit your needs. Ask your account manager about packaging options to get the right testing engagement, frequency, and coverage for your company.