E-Fensive Security Strategies

News

Safety and Security: The Intersection
Security and safety often go hand in hand, but sometimes they conflict. Here are ways to cooperate to achieve both departments' goals
READ ON.

Ten enterprise security pitfalls, and how to avoid them
As president and lead security specialist of a company that performs security assessments for a wide variety of organizations, I often see the same issues over and over. So I'd like to share with the Ars audience the top 10 most common security problems I see on a daily basis, along with some tips on how to address them.
READ ON

Is Wireless Really Worth It?
Wireless networks are ubiquitous these days. We are all, for better or worse, being bombarded by radio waves in all sorts of frequency ranges, and if we could put a 2.4GHz monitor in our heads, we.d be overloaded by the sheer volume of traffic screaming around on wireless networks using that frequency.
READ ON

E-Fensive Penetration Testing Services

There is a considerable amount of confusion surrounding penetration testing and many organisations will have their own internal terminology: vulnerability audit or technical risk assessment.

A penetration test defined by E-Fensive is the process of actively evaluating your information security posture. Your infrastructure will be tested to find any security issues, this includes internal and external risks. A common misconception about a penetration test is that by solely running some form of software which reports known vulnerabilities, you will find all issues and be protected once those issues are addressed. The fact is, that is only one facet of a penetration test. Because of the constantly evolving nature of threats, most software can be out of date by days, weeks and sometimes months. These instances can leave your infrastructure opened to attackers.

After performing our testing, the results of the assessment will then be documented in a report, which will be presented at a debriefing session, where questions will be answered and corrective solutions can be discussed.

So why conduct a penetration test?

From a business perspective, penetration testing helps safeguard your organization by preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes (denial of service attacks), It can provide due diligence and compliance to industry regulators, customers and shareholders while non-compliance can result in your organization losing business, heavy fines, bad PR or ultimately failing. On an extreme level level it can also mean the loss of your job, prosecution and sometimes even imprisonment depending on your regulatory controls. Got SOX? Penetration testing can also protect your brand by avoiding the loss of consumer confidence and business reputation.

Our certified team of penetration testers use cutting edge knowledge in their search for vulnerabilities. Penetration testing is far more than pointing a tool at a machine. Ingenuity, experience and knowledge of attack vectors are the main key to performing a worthy penetration test. We follow a rigorous methodology for our penetration test and hold the responsibility of the infrastructure as if we were guarding our own assets. Your security posture at its healthiest is our bottom line. We use some of the following organizations' guidelines, practices and theories as well as bonafide experience to conduct our testing: PCI, ISACA, CESG, OSSTMM, OWASP.

Did you know...

Penetration testing is a PCI compliance requirement?

PCI DSS Requirement 11.3 addresses penetration testing, which is different than the external and internal vulnerability assessments required by PCI DSS Requirement 11.2. A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing should include network and application layer testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.

Let E-Fensive discuss the optimal solution for your business. We offer the highest caliber penetration testing in the world by recognized experts in the industry. Our team has written tools used in many certification bodies and teachings, we wholly support our work and offer an unparalled test. We currently offer a managed service to compliment our test which monitors and maintains compliance throughout your infrastructure. Contact us for more information.