The Unknown Danger
While many companies perform vulnerability scans of their networks and computing platforms, many never know if an attacker could actually exploit the vulnerabilities discovered in the process. Compounding the problem is the fact that most companies do not have staff with the specialized expertise required to adequately test systems without incurring a potential business operations impact.
As a result of these challenges, companies are often left exposed to threats.
Shedding Light on the Issue
Digital Defense Frontline PenTest™ is a key component to any robust information security program. Performed by trained security analysts and utilizing industry best practice test methodologies, our PenTest targets systems where weaknesses reside. We efficiently determine if a potential vulnerability is truly exploitable and if it could lead to the compromise of sensitive corporate data.
Proven Penetration Testing Methodology
Pen Test seeks to compromise systems quickly and efficiently in order to gain the highest level of system access possible.
Pen Test is available as a subscription or project service.
A Multi-Phased, In-Depth Process
The penetration test process is actually the culmination of several different activities that ultimately provide client organizations with a clear view of exploitable threats present on its systems or networks.
The assigned Digital Defense security analyst will work with the client to ensure the engagement is properly scoped and takes key systems and applications into account.
Vulnerability Assessment Phase
The penetration test begins with a comprehensive evaluation conducted via the Digital Defense vulnerability scanning service. The scan evaluates the security posture of the IP addresses included within the penetration test scope in order to fingerprint the network-connected devices (e.g. servers, workstations, routers, firewalls, etc.) and determine the number and severity of the vulnerability associated with them.
Penetration Testing Phase
After the vulnerability assessment has been completed, the assigned security analyst utilizes a comprehensive set of tools to exploit and gain access to key systems (core servers, domain controllers, e-mail platforms, ERP, and ERM systems, etc.).
While testing in-scope systems, the analyst documents all test findings within the Frontline.Cloud™ platform, a secure multi-function portal that allows clients to receive centralized and standardized reporting functionality.
At completion of the penetration test, the client is provided full executive and technical reporting via the Frontline.Cloud platform.
Clients can take advantage of the integrated results management interface in the Frontline.Cloud platform to quickly and effectively deal with discovered issues.