Today, cyber-terrorism and cyber attacks on companies, government and financial institutions around the world is a reality. From web pages, theft of financial information databases, theft of email or social network passwords, cell phone chats, photos, even identity theft, they are all day-to-day realities.
The most effective way to counteract computer attacks is by doing vulnerability tests periodically, where certified professionals do all kinds of tests and attacks (without damaging) the network, computer equipment, voice over IP telephony and mobile devices and report confidentially. all the vulnerabilities found to the client. In this way, existing security flaws can be corrected and future attacks and information theft can be prevented.
The damage that a “hack” can cause to your network, at a monetary level, could amount to thousands of dollars (or more depending on your organization), not counting the public embarrassment and lack of trust that this could generate in your customers. These attacks can come from other countries, groups of cybercriminals, cyberterrorists, who have (great) economic motivations or from a 15-year-old with a lot of knowledge and time in his hands; It is also common for attacks to originate within the same corporate or institutional network, often by their own collaborators.
WHY TEST FOR VULNERABILITIES?
It is important for the security of the organization.
It is a way to detect and solve security problems by classifying vulnerabilities before someone or something can exploit them.
In this process, operating systems, application software, and the network are scanned for vulnerabilities, including improper software design, insecure authentication, and more.
Vulnerability testing can be compared to looking for open doors in a building, and is the first stage in any strategy to verify the security of a corporate network.
We have qualified engineers with a lot of experience, with international certifications in the field of cybersecurity such as:
CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), ECSA (EC-Council Security Analyst), LPT (Licensed Penetration Tester), GPEN (GIAC Certified Penetration Tester), GCIH (GIAC Certified Incident Handler), OSCP ( Offensive Security Certified Professional), OSWP (Offensive Security Wireless Professional), OSCE (Offensive Security Certified Expert), OSWE (Offensive Security), OSEE (Offensive Security Exploitation Expert), Linux +, Network +, Malware Analysis.
We also comply with the international codes of EC-COUNCIL, ISACA, Sans Institute and ISC2.
The penetration tests we offer will help you:
• Identify both external and internal threats
• Assess and prioritize the risk of each identified vulnerability
• Examine database and applied environments as well as networks
• Find non-technical methods of accessing your IT assets without authorization.
Usually the general characteristics of the infrastructure to be analyzed are:
1. Desktop computers and laptops.
3. Connectivity between branches.
4. Wireless networks.
5. Firewalls, switches and routers.
6. Voice Over IP Telephony (VoIP).
7. Web portal of the company or institution.
8. IoT (Internet of things)
Our specialists use a proven combination of industry-recognized tools, coupled with our own techniques, to thoroughly examine and identify vulnerabilities in your computer systems. Unlike other automated services that only provide a computer-generated listing of each vulnerability that exists on your network, our service includes prioritizing the vulnerabilities that are most relevant to your infrastructure, as well as offering you practical advice to reduce them.
Our staff also use specialized equipment to perform wireless tests, to identify wireless networks or wireless devices (such as laptops or cell phones) that are being used by legitimate users but do not conform to your organization’s security policies.
The second level of service goes deeper by exploiting the weaknesses found to simulate a real attack. Using the same methods as hackers, our technicians will carry out activities such as collecting information, collecting fingerprints printed on the network and trying to pass access controls. With one of the largest penetration testing teams we have the ability to review all operating platforms in addition to investigating the areas of invade dangerous HTML code from different sources (XSS), code hacking problems, SQL injection, XML services and web.
THE INTERNAL THREAT
Our deepest level of service takes into account that a significant number of attacks originate within the same organization and to address them we use advanced testing techniques both internally and remotely. Our technicians will review your security architecture to identify what access your collaborators have to company information.
We can work with your IT department to simulate denial of service attacks, test your responses (from system and personnel) to intrusion attempts, make attempts to access wireless networks, or use social engineering techniques to identify non-entry points. technicians to your organization and its assets.
Additionally, we offer an annual penetration testing service where we will regularly test your infrastructure according to a previously established schedule.
Regardless of the magnitude of the contract, we will always develop a comprehensive report that will detail the points identified in our analysis, an explanation of its possible repercussions, and more importantly, recommendations to reduce or eliminate the implicit risks.
We deliver two reports:
➢ Executive summary of the results: Report with a non-technical approach in which the results of the project are presented to the directors of the company
➢ Technical Report:
o Details of all the tests carried out specifying their objective.
o Results obtained in the different tests that have been carried out.
o Classification of security problems according to their level of danger
o USB memory of evidence collected for each of the tests