Penetration Testing
Penetration Testing
- In a time where news of data breaches are becoming “the new normal,” the need for organizations to evaluate their overall risk and avoid becoming the next victim has become critical. Organizations simply can’t protect themselves from risks they’re unaware of. Additionally, many organizations are simply unsure where to start.
- During a time where attackers are becoming more sophisticated and performing these attacks on a regular basis, it is imperative that organizations establish and maintain an information security program that allows them more flexibility on when and how often they can assess their environments.
- As small and mid-sized businesses (SMBs) embrace new technological developments like the rise of artificial intelligence (AI), cloud computing, and the internet of things (IoT), they often overlook the security implications of digital transformation. This leaves many organizations vulnerable to cyber theft, scams, extortion, and countless other cyber crimes. As a result, two in three SMBs suffered a security breach in the last year and cyber attacks are becoming increasingly sophisticated, targeted, and damaging. With the average cost per incident exceeding $380,000 as it is, a single security breach can be detrimental to a small firm. It is, therefore, vital that SMBs begin prioritizing cyber security.
Benefits of Penetration Testing With Us:
- Run a penetration test on your schedule: We offer scheduling flexibility. Let us know what day and time you’d like us to perform your penetration test and we can get it scheduled immediately with no delays.
- Real-time Notifications: Notifications are always sent out when the penetration test starts and stops, keeping important individuals in the know as to when things are going on. This is also helpful in case there are some alerts that get triggered.
- Reports that Drive Results: The data provided in the reports will always be very informative. How these risks affect your organization, where your organization stands compared to its peers, how this compares to the last assessment, etc. are all examples of data that are included in each report.
- Affordability: Our pricing is very competitive when compared to traditional penetration testing firms but provides a lot more value for the same or smaller price point.
- Transparency at Your Fingertips: Your IT team can always log into their portal to get a list of contacts involved in the project, communicate with our consultant, as well as get a progress update that provides preliminary results and expected completion dates.
- Reduce Turnaround Time for Detection and Response: Because all activities are tracked, including any manual activities conducted by a consultant, organizations can download this activity log and correlate activities with their SIEM and incident response procedures. This is extremely useful in helping organizations make adjustments and tweak their controls, reducing the turnaround time for detection and response.
Cyber Security Facts & Statistics
- Data breaches exposed 4.1 billion records in the first half of 2019, a 54% increase over the first half of last year. Source: 2019 Risk Based Security Report
- Two in three SMBs suffered cyberattacks and data breaches in the past year. Source: 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses by Keeper Security and Ponemon Institute
- Last year, 43% of reported data breaches involved small to mid-sized businesses (SMBs), so say what you will about cybercrime, but it does not discriminate. Source: Verizon (2019) PDF
- However, in comparison with larger organizations, SMBs usually have very few resources to draw on in order to protect themselves against cyber threats and to help them recover if they experience a security breach. In line with this, a 2019 survey found that 25% of SMBs suffering a data breach in the previous 12 months ended up filing for bankruptcy and 10% actually went out of business. Source: National Cyber Security Alliance (2019).
- According to a recent industry study, the biggest challenge preventing small companies from optimizing their security strategy is actually a lack of qualified staff, which affects a whopping 77% of SMBs. Source: Keeper Security & Ponemon Institute – 2019
- According to a recent study, a staggering 76% of US SMBs suffered a cyberattack last year, and 69% experienced a data breach. Source: Ibid.
- Since 2017, over 22,000 new software and hardware vulnerabilities have been disclosed every year, leaving organizations of all sizes struggling to keep their systems updated. Source: Risk Based Security – 2020
- SMBs often need over a month to install critical patches affecting operating systems (35%) and third- party software (58%), putting them at risk of cyberattacks exploiting brand new vulnerabilities. Source: Kaseya – 2019
- Further complicating matters is the fact that many threat campaigns exploit vulnerabilities with relatively low CVSS scores that companies are less likely to prioritize. Source: RiskSense – 2019
- Recent research reveals that 4 out of 5 data breaches are the result of threat actors exploiting weak and/or stolen passwords. Many SMBs are vulnerable to password-based attacks because they have not implemented a proper password management strategy. Source: World Economic Forum – 2020
- Only 41% of small and mid-market firms enforce periodic password changes, just 38% prevent password reuse on internal systems and a mere 29% require a minimum password length. To make things worse, few companies regularly check if employee email accounts have been compromised in a data breach. Source: Keeper Security & Ponemon Institute – 2019
- Last year the vast majority of SMBs were targeted with exploits and/or malware that evaded their anti-virus (82%) and intrusion detection system (69%). Source: Keeper Security & Ponemon Institute – 2019
Penetration Test vs Vulnerability Test
A vulnerability assessment essentially tells the customer that the door is unlocked; however, a penetration test actually tells the customer that, because the door is unlocked, we found an unlocked safe, unsecured jewelry, credit cards, and social security numbers laying around on the bed. It also explains how you could secure the door next time, how to protect the confidential data laying around on the bed, and then some.
What a Vulnerability Test will find:
- Patching vulnerabilities
- Default passwords amongst services
- Configuration deficiencies
- False positive vulnerabilities (e.g. flagging services based on version numbers, not knowing if patches are applied)
What a Penetration Test will find:
- Weak domain user account passwords
- Sensitive files stored on network shares
- Sensitive data within databases
- Weak password policies
- Network share permission issues
- Man-in-the-middle attacks and possibilities
Scope and Methodology
External Network Penetration Test
The internal and external testing phases are similar in many ways, with the exception of leveraging Open-Source Intelligence (OSINT). These assessments take a comprehensive approach to identifying security vulnerabilities which expose systems and services to potential threats. To accomplish this goal, our consultants leverage a number of resources and techniques to identify, enumerate, and exploit the targeted systems. The following components are included in this phase:
- Information Gathering – During the information gathering phase, we leverage several publicly accessible sources in order to gather as much information about the organization’s environment as possible. This includes doppelganger domains, IP address ranges (if possible), usernames, vulnerabilities listed from sites such as Shodan, as well as metadata harvested from files. Additionally, this process includes analyzing publicly available DNS records to identify information that may be valuable during an attack, such as additional CNAME records, the lack of MX records, etc.
- Host Discovery – We leverage several techniques to facilitate host discovery techniques, including ping sweeps and port scans. Using tools such as Nmap and Masscan, we are able to perform several attempts to identify active systems within the ranges provided to us. This list of discovered hosts is then fed into the platform to facilitate the remainder of the penetration test, including enumeration, exploitation, as well as post-exploitation.
- Enumeration – After obtaining a list of active systems from the host discovery process, the next phase that we perform is enumeration of information. This is based on the ports that were found open within the host discovery process. This process is supported by a combination of tools, including Nmap, Metasploit, Hydra, and proprietary tools. Furthermore, we also analyze network-layer traffic to determine if any vulnerabilities could be discovered, such as the presence of broadcast protocols that may lead to exploitation.
- Exploitation – If a security vulnerability is discovered from the enumeration process, we attempt to perform exploitation against the network service with the intention of gaining remote command execution on the compromised system.
- Post Exploitation – After successfully gaining access to a compromised system from the external network environment, we attempt to perform the steps of an internal penetration test with the intention of gaining further access into the internal network environment. This includes pivoting, extracting information from the systems that may be useful for privilege escalation and lateral movement, and more.
External Network Vulnerability Assessment
- Vulnerability Analysis – The only process performed during an external vulnerability network assessment is a vulnerability analysis. This includes performing a vulnerability scan across all systems that are accessible via the Internet using a database of known vulnerabilities. All vulnerabilities discovered during this process use the severity rankings and other data extracted from the vulnerability scanner. We do not attempt to manipulate any severity rankings or any information produced by the vulnerability scanner.
Internal Network Penetration Test
- Information Gathering – During the information gathering process for the internal network penetration test, our consultant attempts to learn more information about the internal network environment based on information available without conducting any attacks. Such information including DNS names and FQDN learned from DHCP and internal DNS records.
- Host Discovery – We leverage several techniques to facilitate host discovery techniques, including ping sweeps and port scans. Using tools such as Nmap and Masscan, we are able to perform several attempts to identify active systems within the ranges provided. This list of discovered hosts is then used to facilitate the remainder of the penetration test, including enumeration, exploitation, as well as post-exploitation.
- Enumeration – After obtaining a list of active systems from the host discovery process, the next phase that we perform is enumeration of information. This is based on the ports that were found open within the host discovery process. This process is supported by a combination of tools, including Nmap, Metasploit, Hydra, and proprietary tools we developed. Furthermore, we also analyze network-layer traffic to determine if any vulnerabilities could be discovered, such as the presence of broadcast protocols that may lead to exploitation.
- Exploitation – With as much information enumerated as possible, our consultants perform exploitation, attempting to gain remote access to services or systems. Using tools including (but not limited to) Metasploit, Impacket, CrackMapExec, and proprietary exploitation scripts, We exercise extreme caution to only execute exploits that are known to be safe and avoid negative impact to the confidentiality, integrity, or availability of systems and/or resources.
- Post Exploitation – We use the information gathered within the enumeration and exploitation phase of the penetration test to facilitate post exploitation. The objective of post exploitation is to gain as much access to the environment as possible, followed by the enumeration of sensitive information. This is supported by tools such as Metasploit, smbspider, Plunder, and other tools within Kali Linux. Additional tools are used to parse information extracted from this process with the intention of discovering sensitive information such as credit card numbers, social security numbers, passwords, and more.
Internal Network Vulnerability Assessment
- Vulnerability Analysis – The only process performed during an external vulnerability network assessment is a vulnerability analysis. This includes performing a vulnerability scan across all systems that are accessible via the internal network environment using a database of known vulnerabilities. All vulnerabilities discovered during this process use the severity rankings and other data extracted from the vulnerability scanner. We do not attempt to manipulate any severity rankings or any information produced by the vulnerability scanner.
Contact us about a Penetration Test for your organization
Frequently Asked Questions
Depending on how many computers are in your network you can count on it taking the best part of a week before you get results back.
They are not cheap, anything that takes us best part of a week to accomplish probably isnt as there is a lot of data to test and collect. Give us a call and we will be happy to discuss this with you. But if you are one of our Service Agreement clients we provide them as part of our service.
Yes, this should satisfy your HIPAA or Cyber Liability Insurance requirements as a scan by a 3rd Party.