State of the art, internal and external, penetration testing
 

 

Penetration Testing - Overview

Vulnerability assessments identify weaknesses present in a client's network that possess the potential for exploit by an attacker. Penetration testing goes a step further, allowing you to see the consequences of a skilled attacker exploiting these weaknesses.

Penetration Testing Types

A penetration test performed on Internet-facing assets is an External Penetration Test, or EPT. A penetration test performed on intranet assets is an Internal Penetration Test, or IPT. Digital Defense offers both external and internal penetration test services, either as a one-time project or as a subscription. Project-based testing is best suited to clients seeking an ad hoc, one-time evaluation of specific devices, part of their network, or their entire network. Subscription-based testing is most attractive to clients subscribing to our recurring vulnerability assessment service and wishing to "finance" the cost of their penetration tests.

External Penetration Test (EPT)

A criminal hacker does not simply find the security holes and then leave. He burrows through your network, finding valuable resources (e.g., client credit card and account numbers) and steals them. Digital Defense's external penetration testing is comprehensive, exposing not only the intruder's view of the system, but also examining the configuration and management of the systems. Penetration testing is custom-designed to cover all system platforms, network connections, software, and databases that comprise the client's Information Technology (IT) facilities.

Internal Penetration Test (IPT)

Internal penetration testing exposes the risks associated with a network attack carried out from inside the network. There are hundreds of opportunities to open up new paths between the internal network and the Internet from within the network, most without any malicious intent on the part of the employee. In addition, recent reports indicate that about half of all successful attacks come from inside the network. An internal penetration test exposes your most dangerous security weaknesses, enabling you to take immediate action to eliminate them. Digital Defense employs technology that enables us to perform an IPT over the Internet, sparing you the disruption and extra cost of analysts visiting your premises to perform the test.

Benefits

Penetration testing provides a clear understanding of the exploitability of the vulnerabilities discovered on your network, and a better understanding of the preventative measures you need to take to prevent the compromise of confidential data. The higher the level, the more thorough your understanding of the state of your security will be.

Some key advantages of Digital Defense's penetration testing solutions include:

Off-site Testing

Digital Defense performs all testing from our SNOC, rather than sending security analysts to your site. This saves you the disruption and the significant travel and living expenses typically passed through to you by organizations using traditional consultant techniques.

Depth of Market Experience

Digital Defense's security analysts have logged countless hours evaluating platforms that are both market and industry specific. This experience translates into a more thorough and efficient examination of your network, resulting in favorable service ratings from regulatory examiners at a price that is unparalleled when comparing like services.

Centralized Methodology

Our security analysts are centrally located and use a common testing platform, so knowledge transfer between our analysts is rapid and efficient. Further, the vulnerability detection capability of the NSAS assessment engine is continually updated with not only the most recent broad-based vulnerabilities discovered on common platforms (e.g., Windows™ clients), but also vulnerabilities on market-specific platforms (e.g., various home banking solutions). The latter are frequently a direct result of the test scripts written by our analysts while performing the penetration testing services offered using this centralized approach. In short, our centralized methodology results in a more thorough examination of your network assets at a lower cost when compared to like services offered by other providers.

Remediation Prioritization

Armed with detailed knowledge of the vulnerabilities existing on a network and their relative ease of compromise, clients can make intelligent decisions on how best to manage and prioritize the tasks associated with resolving the discovered weaknesses. Every organization has a finite amount of IT resources, so the ability to provide IT staff members with a clear roadmap for remediation activities is invaluable, enabling you to increase the security of your networks faster and more cost-effectively over time.

Results

Our clients access the results of all penetration testing services through the Frontline secure web interface, which provides several different views and means of accessing the information discovered during the test, including:

Calendar View

The Calendar View enables the client to access information about a particular vulnerability assessment or penetration test based upon when the performance of the assessment occurred. The user quickly and easily navigates to the desired information through a series of simple menu selections and hyperlink clicks.

Active View

Active View is a workflow management subsystem within the Frontline interface. It enables you to assign specific IT staff members to vulnerability remediation tasks by vulnerability or by host. Other features effectively enable you to manage hosts and their associated vulnerabilities over time.

Reporting Engine

The Reporting Engine enables you to generate three different report types (Executive Summary, Trending, and Detailed Technical) in several different formats including HTML, PDF and CSV. You can generate reports when you want them and as often as you like. You can also download them for archiving.

The Frontline interface design accommodates the information needs of executives as well as IT personnel. This helps our clients bridge the communication gap between executives and technical staff with respect to network security risks and requirements.