External Penetration Test

CoNetrix Security's external penetration testing services are developed to mirror actions taken by potential adversaries, including establishing an initial footprint of the network, detecting and validating vulnerabilities and configuration issues and, where appropriate, exploiting vulnerabilities to provide explicit proof of the associated risk and attack complexity.

Benchmark coverage includes:

• Vulnerability scan by active hosts (IP Address + vHosts)
• Mapping of Internet exposure
• Custom risk-based report
• Multiple commercial and open-source tools
• Manual engineer review and validation
• Exploitation based on discovered vulnerabilities

Our benchmark engagement is an annual External Penetration Test with three Internet Exposure and Vulnerability Assessments (IEVAs) performed quarterly throughout the year.

Need more frequent testing? Contact your account representative.

Post-Exploitation Testing

If exploitation is achieved during the External Pen Test, post-exploitation testing can be performed to provide more in-depth context about the associated risks and potential impact of the identified exploit.

We will attempt to use the exploit for additional data gathering, pivoting to other systems, and network reconnaissance. The additional testing provides a stronger understanding of the compromised system's value and may help identify evidence of previous compromises.

When an exploit is discovered, post-exploitation testing would require the customer's permission and would be performed at an hourly rate defined in the pen test agreement.

Additional Coverage Options

External Pen Tests can be expanded to include additional coverage, such as:

• Testing of vendor and/or cloud hosted systems/services, upon approval from the vendor/provider
• Social Engineering Testing

Relationship-Focused Testing

Our clients view CoNetrix Security as their valued partner in information security. Our testing methodology is based on open communication, collaboration, and relationships.

As an annual engagement, you can call us during the balance of the year following your testing with questions about findings, questions regarding IT regulatory exams, etc.

Readable Reports with Free Findings Management Software

Easy-to-read reports present findings sorted by associated risk. Reports include detailed remediation recommendations and a personal review with an information and cyber security expert.

Our clients are provided with a complimentary subscription to Tandem Security and Compliance Software® Audit Management Lite. Findings are populated in the software, facilitating the formal response process to any exceptions.

The CoNetrix Difference

	Adversarial Perspective Much more substantial than an automated scan, we offer red team perspective, observation, and experience to help identify vulnerabilities and exploitations.
	Comprehensive Engagements We offer comprehensive exploitation-based penetration tests, not just a single port scan. In-depth testing is performed using multiple tools from different perspectives.
	Knowledge and Experience Our pen test engineers hold numerous security certifications, such as OSCP, CEH, CISSP, SSCP, CISM, CISA, and other Microsoft and Cisco security specializations.

Custom Engagements

CoNetrix Security recognizes each company varies in size and complexity. Our pen testing options are designed to be modified to fit your needs. Ask your account manager about packaging options to get the right testing engagement, frequency, and coverage for your company. Contact Us.

Ready to get started?

Request a Quote