Most institutions scan their perimeter and internal networks for vulnerabilities to see what may be exploitable from the outside. However, today’s cyber-threats are multi-faceted. Determined attackers utilize all means at their disposal, including Social Engineering methods like targeted phishing emails, pretext calling, and even physical penetration attempts. Most incidents begin with phishing emails that exploit internal systems when clicked, and the breach spreads from there. How would your network defenses and security team identify and respond to such an attack?
10-D Security’s External Penetration Test simulates a “real world” Cyber-Attack on your institution that challenges your team’s monitoring and alerting controls, and provides an opportunity to fine-tune your Incident Response Program.
We perform what is known as a “Black-Box Assessment,” which means our Security Engineer does not have advance knowledge of your infrastructure at the start of the test. Our test mirrors how actual attacks occur, but without the real-world stress or liability. 10-D Security’s Red Team employs the same cutting-edge techniques and strategies used by today’s bad guys to detect and evaluate your security controls.
A Penetration Test does not replace Internal Vulnerability, External Vulnerability, or Social Engineering Assessments, but complements them by enabling institutions to assess how their layered security controls hold up to a complex and persistent attack.
This test complements the External Vulnerability Assessment and Social Engineering Assessment by enabling institutions to assess how their layered security controls hold up to a complex and persistent attack.
The 10-D Security Difference
- We specialize in testing the critical, sensitive infrastructures of financial institutions.
- Proprietary tools capture and review key data in a fraction of the time.
- Our experience with the critical and sensitive infrastructures of financial institutions and other clients gives us the unique knowledge necessary to safely and efficiently maneuver in these environments.
- Our professionals have both Red Team (Attacker) and Blue Team (Defender) experience, which allows for a more thorough evaluation and more meaningful results.
Who Benefits from an External Penetration Test?
- Organizations ready to test their Incident Response Plan.
- Management groups who value a proactive evaluation and the preemptive assurance this test brings.
- Incident Response Teams with a “bring it on” attitude who are ready to showcase their razor-sharp detection and defense skills.
The Scope of Work
Our External Penetration Test scope is straightforward. We may target any and all client assets for weak links, which could include any of the following:
- Email Phishing
- Phone Calls (Vishing)
- Cross site scripting
- SQL Injection
- Internally-developed Applications