Penetration testing

What does it take to get in?

What is penetration testing?


Penetration testing is a simulated attack on your network, carried out by a certified security engineer or a group of security engineers who attempt to compromise your network and assets. Assets are generally sensitive information the company needs to protect, such as credit card information. We do not cause damage or delete any data; the goal of the exercise is to expose flaws and breaches to show how much data could be stolen, or how your infrastructure and security team would cope with a real-life attack.

In order to simulate a real-life attack as closely as possible, we will attempt to break into your network using all means available and without any prior knowledge of your network (black box testing). All data will be gathered from publicly available sources or from our own internal assessment procedures. And to make it even closer to reality, we only get financial reward when we get in!

Why perform penetration tests?


High-profile data breaches are increasingly making headlines because network security is often overlooked by large companies and corporations. Today more than ever, information is power. Too many companies fail to protect their intellectual property or their clients' personal information, which can lead to substantial financial losses, and in some cases bankruptcy, if any of this information is leaked. So why risk your business over a potential data breach?

All companies that have a website and tangible assets accessible online should consider penetration testing on a regular basis. Furthermore, IT security compliance regulations and guidelines require an organisation to conduct independent testing of its Information Security Program on a regular basis to identify vulnerabilities.

Yes, certifications matter.


If you are going to trust a company to attempt to penetrate your network and potentially handle sensitive data, you need complete and utter trust in their ethics, loyalty and qualifications.

All of our highly skilled security engineers hold one or all of these certifications: ISO 27001, CISSP, CISM, CLAS, CISA, CREST, STAR, CEH, OWASP, SANS / CWE, TIGER Scheme. Silent Breach invests heavily in ongoing training programs to enable its employees to be at the cutting edge of infosec.

In addition, Silent Breach regularly sends its staff to leading IT security conferences such as Blackhat & Defcon, both to attend the seminars and to expose newly found threats. Silent Breach invests in 0-day exploit finding and in developing its own tools to find vulnerabilities and security holes.

Finally, Silent Breach participates in contests such as Capture The Flag (CTF) to measure our teams against the best experts in the industry.

How often should companies conduct penetration tests?


More and more organisations are looking to proactively tighten security and conduct penetration tests on a regular basis. It is even more important to sanity check any changes to your network infrastructure, and to test whenever new software is deployed on your servers.

Silent Breach offers comprehensive recurrent data breach testing programs to keep your business safe today and tomorrow. Because new 0-day exploits are crafted every day, new bugs are uncovered, and hackers always find new creative ways to compromise your network, penetration tests need to be conducted on a regular basis to ensure all the latest security patches are in place and your business is safe.

Penetration tests


External penetration testing

External penetration testing refers to trying to compromise your assets from outside your perimeter network. In order to protect you from outside threats, we test all internet-facing components (corporate web site, email server, DNS servers, etc.) for potential holes in their security that would allow an attacker to breach the system and gather or damage sensitive data.

Internal penetration testing

In excess of two thirds of computer intrusions originate from within the company. Internal attacks can have a disproportionately large impact on a business and its processes given the nature of internal trust relationships. Inside information gives an attacker an important edge in stealing sensitive information or bringing down critical services of the company.

Black Box testing

Black box testing refers to testing a system without any prior knowledge of the target; all information is gathered either from public sources or through a specific assessment of the client's infrastructure. Black box testing is usually preferred to simulate real-life attacks from outside hackers.

White Box Testing

White box testing refers to testing a system with shared knowledge of the system, in full collaboration with the client and its technical staff. White box testing is usually preferred when simulating internal attacks, where an employee might exploit well-known flaws in the system.

Grey Box testing

Unsurprisingly, grey box testing is a combination of black and white box testing, meaning that we will conduct penetration testing with a limited amount of information on the target(s). This is usually preferred for cost efficiency reasons: it saves time on the information gathering required during black box testing, which can be very time-consuming (and costly). For example, grey box testing would involve sharing details of the targets, where the assets are located, and details of the network topology, but doesn't go as far as sharing application source code and other internal protocols.

Tiered testing


There are different levels of tests that we can perform, depending on the package you subscribe to. They range from basic sanity checks to full team attacks on live systems.

Table 1: Tiered testing

| Tier | Tier 1 / compliance | Tier 2 / opportunistic | Tier 3 / full coverage | Tier 4 / determined attack | Tier 5 / redteam attack |
|---|---|---|---|---|---|
| Duration | 3 days | 1 week | 2 weeks | 4 weeks | 6 weeks |
| Number of IPs | 1 | 1-5 | 1-10 | up to 100 | unlimited |
| Post patching verification | no | no | yes | yes | yes |
| FREE if no penetration | no | no | no | no | yes (*) |
| Cost | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet |

(*) Additional cost applies if penetration is successful

Security packages


Your network evolves, new security flaws are found every day, hackers are getting smarter; protect your business today and tomorrow.

Table 2: Annual protection package

| | Bronze | Silver | Gold | Platinum | Diamond |
|---|---|---|---|---|---|
| Duration | Quarterly Tier 1 tests | Quarterly Tier 2 tests | Quarterly Tier 3 tests | Quarterly Tier 3 tests + bi-annual Tier 4 tests | Quarterly Tier 4 tests + bi-annual Tier 5 tests |
| Average savings | 10% | 15% | 20% | 25% | 30% |
| Cost | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet |

