Strategic Security Solutions

Penetration Tests

When we explain to non-security people what we do, this is always where we end up.  Everyone wants to hear about our Penetration Testing.  It’s the ‘sizzle’ of the security consulting world, conjuring images of guys with strange piercings sitting in dark rooms trying to break into a client’s network.

In actuality, Penetration Testing, or “ethical hacking”, has evolved into more science than art and is a vital service that relies on a proven methodology and leveraging a variety of cutting-edge tools to systematically identify network vulnerabilities.

Our Penetration Test Methodology

Our Penetration Testing Methodology has been established to achieve reliability, repeatability and quality.  Rather than rely on the cleverness of the pierced guy in the dark room, we empower our certified and decorated security engineers, following our proven process, to utilize a variety of professional tools and documented techniques to evaluate our clients’ network security.

Our Penetration Testing Methodology is explained below:

  • Discovery.  Our security engineers perform a sweep of IP ranges, using the same tools that the bad guys would use, to detect potential targets on your network.  And we conduct port sweeps to identify all ports currently open in your firewalls.
  • Enumeration.  Following the results of Discovery, our security engineers will gather as much information as possible about each item discovered.  This includes identifying usernames, network shares and application versions from running services.  Basically, in the Enumeration step, we ‘fingerprint’ the discovered item to identify what it is and what it’s doing on your network.
  • Vulnerability Mapping.  For each enumerated system/application/user/service, we then identify known and unknown vulnerabilities associated with each.  The result in a complete set of vulnerabilities that your network may currently be exposed to.
  • Exploitation.  Finally, once the vulnerabilities are identified, we actively attempt to penetrate them.  However, we do NOT do this in the dark.  We work closely with you to let you know when we’ll be conducting this portion of the test and what it might impact, so you can be prepared should a system go down. 

At the conclusion of our Penetration Tests, you come away with a thorough understanding of the vulnerabilities you are currently exposed to and evidence that exploitation is indeed feasible.  In addition, for each exploited vulnerability, we provide you a set of recommendations for remediation of that vulnerability. 

Nobody likes to see their network exposed, but it’s far better that you let a trusted partner show you the gaps before the ‘bad guys’ get to them.

Please contact us today and we will begin working with you immediately to secure your network defenses!