Red team penetration testing

Find out what it takes to get in.

What is penetration testing?


Penetration testing is a simulated attack on your network, orchestrated by a certified security engineer or group of security engineers to attempt to compromise your network and digital assets. Assets generally include sensitive information the company needs to protect, such as credit card information and user data. Of course, all of our experts are trained so as not to cause any damage or delete any data during the exercise. The goal is to expose flaws and breaches in order to demonstrate how much data could be stolen, or how your infrastructure and security team would cope with a real-life attack.

In order for the simulated attack to be as realistic as possible, we can attempt to break into your network using all means available and without any prior knowledge of your network (black box testing). All data can be gathered from publicly available sources or from our own internal assessment procedures. Sharing some information prior to the test (grey box testing) usually helps uncover more vulnerabilities. But for maximum efficiency, opening the source code to our team (white box testing) typically offers the best coverage to uncover as many vulnerabilities as possible.


Why perform penetration tests?


Increases in high-profile data breaches, affecting millions of people, continue to make headlines. Today more than ever, information is power. Too many companies fail to protect their Intellectual Property or their clients' personal information, which can lead to substantial financial losses and in some cases bankruptcy. So why risk your business over a potential data breach?

All companies that have a website or other digital assets should consider penetration testing on a regular basis. Furthermore, IT Security Compliance regulations and guidelines require many organizations to regularly conduct independent testing to identify vulnerabilities and keep their users and stakeholders protected.

Yes, certifications matter.


If you are going to trust a company to attempt to penetrate your network and potentially handle sensitive data, you need complete trust in their ethics, loyalty, and qualifications.

All of our highly skilled security engineers hold one or more of the following certifications: ISO 27001 Lead Auditor, OSCP, CISSP, CISM, CLAS, CISA, CREST, STAR, CEH, OWASP, SANS / CWE, TIGER Scheme. Silent Breach invests heavily in ongoing training programs to enable our employees to be at the cutting edge of InfoSec.

In addition, Silent Breach regularly sends our staff to leading IT security training at conferences such as Black Hat and DEF CON. In collaboration with our security partners, Silent Breach invests in uncovering 0-day exploits and in developing our own tools to find vulnerabilities and security holes.

Finally, Silent Breach participates in contests such as Capture The Flag (CTF) to measure our teams against the best in the industry.


How often should companies conduct penetration tests?


More and more organizations are looking to proactively tighten security, and conducting penetration tests on a regular basis is the perfect place to start.

Silent Breach offers comprehensive testing programs to keep your business safe today and tomorrow. Because new 0-day exploits are constantly being launched and new bugs are discovered every day, penetration tests need to be conducted on a regular basis to ensure that all of the latest security patches are in place.

For periodic testing that comes with comprehensive managed protection, consider our Managed Defense Program.

What types of Penetration Tests do we offer?


External

External penetration testing is the attempt to compromise your assets from outside your perimeter network. In order to protect yourself from outside threats, we test all internet-facing components (websites, email servers, DNS servers, and so on) for potential security gaps that would allow an attacker to breach the system and gather or damage sensitive data.

Internal

In excess of two thirds of computer intrusions originate from within the company. Internal attacks can have a disproportionately large impact on a business and its processes given the nature of internal trust relationships. Inside information gives an attacker an important edge in stealing sensitive information or bringing down critical services of the company.

Black Box

Black box testing refers to testing a system without any prior knowledge of the target. All information is gathered either from public sources or through a specific assessment of the client's infrastructure. Black box testing is usually preferred to simulate real-life attacks from external hackers.

White Box

White box testing refers to testing a system with shared knowledge of the system, in full collaboration with the client and their technical staff. White box testing is usually preferred when simulating internal attacks, where an employee might exploit well-known flaws in the system.

Grey Box

Grey box testing is a combination of black and white box testing, meaning that we will conduct penetration testing with a limited amount of information on the target(s). This is usually preferred for cost efficiency reasons, to save time in the gathering of information required during black box testing, which can be very time-consuming (and costly).

