Understanding Penetration Testing
Vectra’s pen testing services provide an in-depth review of the weaknesses in your system networks. We do this by attempting to exploit your businesses security system to find weak points. Once an assessment is complete, Vectra will provide a detailed report outlining how to improve your business’s security defences.
By completing penetrating testing, you are proactively improving your information security.
This whole process is known as ethical hacking as the outcome is to improve business security, rather than steal sensitive data.
To be effective, this type of testing needs to be performed on both the applications and the supporting network infrastructure.
Testing can be performed in two ways:
- From the perspective of an external attacker with no knowledge of your business.
- As an attacker with credentials or access to the internal network.
Penetrating tests lay the groundwork for how a business can improve its security systems to prevent any threats to data.
Vectra’s Penetration Testing
Vectra conducts penetration across Australia with consulting services in Sydney, Melbourne, Adelaide, Perth, and Brisbane.
Vectra’s penetration testing service meets the requirements of the Payment Card Industry Security Standards Council for PCI DSS compliance.
Find out more about our penetration services:
Vectra’s proven 6 step approach to pen testing is based on industry best practice. This ensures our clients receive consistent and quality results to ensure their systems are protected against threats.
To achieve this, our team of experts uses commercial, open-source and custom developed penetration testing tools. Our testing is performed using a variety of automated tools, tailored to suit your business requirements.
Some of these tools are similar to those used by internet attackers to gain access to your sensitive data.
We have outlined our 6 step approach below:
- Information Gathering – collecting data to prepare a security attack
- Threat Modelling – designing ways to test the weaknesses
- Vulnerability Analysis – defining the possible points of entry
- Exploitation – attempting to gain sensitive data
- Post Exploitation – evaluating the level of risk to your business known weaknesses
- Reporting – providing a detailed report of strategies to improve your security
Regulatory Requirements and Governance
Penetration tests are a mandatory requirement for meeting several regulations, including PCI DSS, SOX, GLBA and HIPAA.