Understanding Penetration Testing
Vectra’s penetration testing services validate the security of your systems and applications by identifying and attempting to exploit vulnerabilities and weaknesses. To be effective in safeguarding systems against attack, penetration testing should be performed on both the applications and the underlying supporting network and infrastructure. Penetration testing can be performed from the perspective of an external internet attacker with no prior knowledge of your environment or as an attacker with credentials or access to the internal network. The Vectra penetration testing service meets the stringent requirements of the PCI SSC (Payment Card Industry Security Standards Council) for PCI DSS compliance.
Penetration Testing Methodology
Vectra has a well defined and proven penetration Testing Methodology based on industry best practice. This ensures that our clients receive consistent and quality results. Our team uses an arsenal of commercial, open source and custom developed penetration testing tools. Some of these tools are similar to those used by attackers on the internet. Penetration testing is performed using a variety of automated tools, tailored to suit each engagement and manual interaction to validate and attempt to exploit vulnerabilities.
Regulatory Requirements and Governance
Penetration tests are a mandatory requirement for meeting several regulations, including PCI DSS, SOX, GLBA and HIPAA. Penetration testing is defined in industry best practice standards such as ISO 27001 as an important security validation test that any organisation with an internet presence should regularly undertake.
PCI DSS Penetration Testing
As a QSA (Qualified Security Assessor) company, endorsed by the PCI SSC (Payment Card Industry Security Standards Council), Vectra is well versed in the specific requirements for PCI DSS penetration testing. If penetration testing is required to meet PCI DSS compliance obligations, as a QSA company Vectra is able to provide PCI DSS Assessment services and other services required to maintain PCI DSS compliance.