Cybersecurity Penetration Testing and Network Architecture Joint Operations

Compliance and Penetration Testing

The demand for more security to protect an organization's critical cyber assets and intellectual property has increased exponentially in recent years. As these needs have increased, companies have deployed firewalls, intrusion detection systems, and various other security models to protect their cyber footprint, but these defenses are rarely tested in a comprehensive and systematic way to prove that they work.

These security measures are necessary because it can sometimes take as long as six months to a year before a deep-rooted attack is noticed, and 43% of all cyberattacks target small businesses, which often have no means of detecting or even defending against certain attacks.

Penetration tests, also known as pen tests, are a type of ethical hacking used to regularly evaluate the security of a network. This type of test can be required in order to attain compliance with regulations such as PCI or HIPAA. Other regulations don't require penetration tests; however, these tests are useful for understanding the vulnerabilities that would have to be remediated in order to maintain SOC 2 compliance or avoid HIPAA violations.

Our Difference

InnovationND CyberSec Officers perform network and application penetration testing that meets or exceeds the requirements of all well-known and established regulatory and compliance standards, including PCI DSS, FISMA, MARS-E, HIPAA, Sarbanes-Oxley, ISO, and many more.

Our tests follow a penetration testing approach derived from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-115 ("NIST SP 800-115"), "Technical Guide to Information Security Testing and Assessment"; the Open Source Security Testing Methodology Manual ("OSSTMM"), authored by the Institute for Security and Open Methodologies ("ISECOM"); the Information Security Management System (ISMS) standard ISO/IEC 27001; and the Open Web Application Security Project ("OWASP") testing methodologies.

We run packet captures while conducting our tests to look for network- or application-related issues. These issues help us identify additional problems or weaknesses that other traditional tests would not find. For example, we can see dropped packets in particular applications that are not present in others.

Packet Analysis

We can help identify issues outside the traditional pentest, such as:

  • TCP Errors as an Overview of the Network Traffic

  • TCP Errors per peer

  • TCP Traffic Details per Connections

  • Round Trip Time of Worst Servers

  • Top Talkers

  • Significantly More

Network and Application Mapping

Our company's foundation is network architecture and security. This means we look at the way a network is built from the ground up: where the firewalls are placed (or whether a firewall is deployed at all), how the router is configured, whether the switching topology is not optimized, and plenty more.

We perform our penetration testing in a systematic way to track network vulnerabilities, application performance, and how they apply to regulatory compliance. Our process includes:

1.    Research and Reconnaissance
2.    Collect Information
3.    Plan Attack Method
4.    Testing and Discovering Vulnerabilities
5.    Perform Packet Captures During Penetration Tests
6.    Map and Diagram Network and Application Flow
7.    Reporting and Documentation