If you’ve never had a Vulnerability Assessment performed, please go to that section first.
A penetration test, sometimes referred to as a pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization’s systems), and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
Penetration tests are valuable for several reasons:
- Determining the feasibility of a particular set of attack vectors
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology
At NBG Networks, we conduct Penetration Tests on a customized, per-client basis. We strongly suggest that you know what you’re getting into before you pay anyone for a pentest. Pentests can be done in many different ways with varying degrees of benefit to your business. Recently, many security companies have started conducting what we consider a Vulnerability Assessment followed by running the results through an automated attack tool. The results of such a test are not very valuable since they don’t resemble a real attack.
Much higher value to your business is extracted by conducting goal-oriented pentests or by simulating advanced persistent threats or hacktivism-type attackers. These types of tests will effectively demonstrate how well your security team and products are functioning. Goals frequently include items such as changing a record in your database, persisting in your environment for X number of hours/days/weeks, or exfiltrating large amounts of data in a manner consistent with an intellectual property thief. Goals may also be as simple as reading the CEO’s email, accessing an administrator’s workstation, etc. By identifying goals before the test begins, NBG Networks provides more benefit with less expense.
Please go to the Contacts Section if you would like additional information.