How to Choose the Right Cyber Security Company
How to Choose the Right Cyber Security Company – Cyber crime reached $3 trillion in 2016. In 2015 it was $500 billion. This is likely because most cyber security experts are not hackers, or capable of thinking like hackers, and are therefore unable to think of the many different ways in which hackers can break into your network. Most cyber security companies use one commercial vulnerability scanner to scan the inside of a network. What about the outside of the network? This is the way in which hackers are getting in. The most important thing to understand is that many of the popular commercial vulnerability scanners that professional security companies use are not the same vulnerability scanners that hackers use to hack into your website or network. A security company that can truly keep your networks safe will use multiple tools, including the same scans used by hackers, allowing it to find the same access to your networks that hackers might find and secure it immediately.
What Is A Vulnerability Test – A vulnerability is any mistake or weakness in the system's security procedures, design, implementation or internal controls that may result in a violation of the system's security policy or, in other words, the possibility for intruders (hackers) to get unauthorized access. A vulnerability test is the process of locating and reporting vulnerabilities, which provides a way to detect and resolve security problems by ranking the vulnerabilities before someone or something can exploit them. In this process, operating systems, application software and networks are scanned in order to identify vulnerabilities, which include inappropriate software design, insecure authentication, etc.
Their Vulnerability Test vs. Our Vulnerability Test
Others – Almost all Vulnerability Tests are done by using software testing techniques performed to evaluate the sudden increase of risks involved in the system in order to reduce the probability of a hack. Any cyber security expert or company that relies on using just software to perform a Vulnerability Test could be giving their clients inaccurate information, since the results can vary from software to software.
Level (3) Vulnerability Tests cannot rely on commercial vulnerability scanners; they rely on the vulnerability scanners used by black hat hackers. Level (3) does not use only one vulnerability scanner, but five different scanners often used by black hat hackers, to make sure that the Vulnerability Test Report a client receives is accurate. Scanning an IP address or network is just one part of assessing a client's network. The information to follow will detail all that is included in a Vulnerability Test.
What is Penetration Testing – Penetration testing is a type of security testing used to test the insecure areas of a system or application. It is essentially an authorized attack to gain access to a company’s secure data.
Who Needs A Penetration Test – Everyone! Every six seconds a personal computer is hacked into. If you have watched the news in the past four years, you have seen Target, Home Depot, The White House, DNC, Blue Cross and hundreds of other corporations and government agencies become victims of a computer hacker. No one is immune to being hacked.
Vulnerability Test vs. Penetration Test
Vulnerability Test – Will show where and how a client can be vulnerable to an attack.
Penetration Test – Proves that the vulnerabilities found can be exploited by an attacker.
The bottom line is that the Vulnerability Test is the “Show” and Penetration Test is the “Prove”.
1. Vulnerability Test From The Inside: Level 3 Uses Five Different Vulnerability Scanners To Check Multiple Platforms Such As Windows®, Mac OS®, Linux®, And iOS®, Android™ And Windows Phone Devices That Connect To The Exchange Servers, Across All Environments, Including Virtual Machines, And Analyze Your Network's Security Setup And Status.
   - Vulnerability Scanning Including IPv4/IPv6/Hybrid Networks
   - Un-Credentialed Vulnerability Discovery
   - Credentialed Scanning For System Hardening And Missing Patches
   - Meets PCI DSS Requirements For Internal Vulnerability Scanning
   - Virtualization: VMware ESX, ESXi, vSphere, vCenter, Microsoft Hyper-V, Citrix XenServer
   - Operating Systems: Windows, OS X, Linux, Solaris, FreeBSD, Cisco IOS, IBM iSeries
   - Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
   - Control Systems Auditing: SCADA Systems, Embedded Devices And ICS Applications
   - Sensitive Content Auditing: PII (e.g., Credit Card Numbers, SSNs)
2. Penetration Test On One Public IP Address
3. Vulnerability Test From The Outside: Scan Up To Three Public/Outside IP Addresses To See If There Are Any Vulnerabilities In Your Firewall, By Using Five Different Firewall Scanners.
   - Firewalls/IDS/IPS/Routers/Switches Such As Cisco, Check Point, Juniper, Palo Alto Networks
   - Botnet/Malicious Process/Anti-Virus Auditing
   - Detect Viruses, Malware, Backdoors, Hosts Communicating With Botnet-Infected Systems, Known/Unknown Processes, Web Services Linking To Malicious Content
   - Compliance Auditing: FFIEC, FISMA, CyberScope, GLBA, HIPAA/HITECH, NERC, SCAP, SOX
   - Configuration Auditing: CERT, CIS, COBIT/ITIL, DISA STIGs, FDCC, ISO, NIST, NSA, PCI
5. Vulnerability Test - Website (Without Damaging Or Making Changes). This Will Include:
   - Testing Of Username Extraction
   - Testing Of Email Address Gathering
   - SQL Injection Test
   - Cross Site Scripting Testing
   - Testing Of Phone Number Extraction
   - Testing Of Fax Number Extraction
   - Find Every URL On A Target Website
   - Testing Of Extraction Of Sensitive Documents
   - Testing Of Extraction Of Financial Information
6. Website Penetration Test:
   - Extract Username
   - Email Address Gathering
   - SQL Injection
   - Cross Site Scripting Attack
   - Extract Phone Numbers From A Target Website
   - Extract Fax Numbers From A Target Website
   - Extract Sensitive Documents
   - Extract Financial Information
7. Information Gathering: Level 3 Will Use Custom Search Filters To Find Any Information On The Internet That Can Be Used To Map Your Network.
8. Wifi Vulnerability Test:
   - Checking To See If Private SSIDs Are Broadcasting
   - How Far The Client's Wifi Is Broadcasting
   - What Security The Wifi Is Utilizing
9. Penetration Testing: One Wifi Router
10. Physical Vulnerability: Level 3 Will Try To Gain Physical Access To Your Network, Without Being Detected.
11. Social Engineering - Phishing: This Service Will Check To See How Many Employees Will Click On A Link From A Spoofed Email. It Also Provides Proof That Your Spam Filter Is Installed And Configured Correctly.
12. Social Engineering Pen Test: Level 3 Will Try To Gain Access To Your Network By Sending Phishing Emails, Telephone Spoofing And Other Techniques To Your Employees.
13. Voicemail Hacking: Level 3 Will Try To Hack Up To Five Cellular Voicemails Provided By The Client.
14. Theft Security: Level 3 Will Deploy Several Techniques To See How Many Devices (Desktops, Laptops, Cell Phones And Tablets) Are Vulnerable To Theft.
15. Network Sniffing: Level 3 Will Try To Sniff Network Traffic From A Low Level Employee To See What Data Can Be Intercepted.