Every day we hear about successful high profile attacks that have been able to exploit a vulnerability on a corporate network and extract valuable data. Whether this is in the form of credit card details, medical records or other personal information, the question posed by IT managers remains the same: How can we ensure our network is secure? The answer is penetration testing!
Through penetration testing we analyse the strength of your network security using vulnerability exploitation methods. The penetration test is performed without affecting sensitive data, resulting in a much clearer view of an organisation’s entire security network. Our security experts have extensive penetration testing experience and we have worked with clients from public and private institutions in the financial, healthcare and retail sectors. We perform internal and external penetration tests providing full reports containing information about potential weak security points and vulnerable areas in your email systems, VPN tunnels, firewalls, routers, web servers and other network devices.
Smarttech are ISO27001 and ISO9001 NSAI certified and we provide Basic Penetration Testing and Full Penetration Testing services.
Basic Penetration Testing
Smarttech Basic Penetration Testing services help organisations remain compliant by making sure that their network’s configuration and patch management are up-to-date. We take proactive and fully authorised attempts to improve your security by simulating an exploit and exploring potential vulnerable areas.
Full Penetration Testing
Smarttech Full Penetration Testing services evaluate an organisation’s network, applications, endpoints and internal/external attempts to infiltrate its security points. Complementing the basic penetration tests, we will dive deeper into your network’s infrastructure to provide a full overview of vulnerable and compromised areas that hackers could exploit.
What do our penetration testing services help you address?
- The risks to your organisation.
- How to stay compliant.
- What to do in case a hacker finds their way into your network.
Vulnerability Scanning and Audit
The Smarttech security team delivers expertise, experience and perspective required to address your security, risk and compliance concerns. Having a clear idea as to what you are trying to accomplish will ensure you get the service you really need. Click here to read more about our vulnerability scanning and audit services.
Asset Testing provides a full assessment of an organisation’s entire network security by simulating an advanced hacker attack to and from multiple weak points.
Application Security Training
Web applications have become highly advanced and widely used in organisations. Advanced vulnerabilities can infiltrate even the most sophisticated web applications leaving your organisation exposed. The Smarttech Web Application services help you asses the current web application security, protect sensitive data and stay compliant.
Get a clear understanding of your applications’ vulnerabilities before they impact your organisation.
No matter how strong your information security is or how technologically advanced systems you use, people will always be the weakest link. Social engineering is the “hacking” of people – if any code is too difficult to break it may be simpler to “ask” the right person.
There are many additional attack vectors when social engineering techniques are part of a Pentest, including Spear Phishing, Spoofing Emails, Malicious USB attacks, etc …
At Smarttech We provide a range of social engineering attack techniques in our penetration testing. If you’re not sure whether you need them or not drop us an email and we will help you to choose the right service.
The PCI Security Standards Council has published new guidance to help organisations (of all sizes, budgets and sectors) develop methodology for testing the security controls and processes protecting cardholder data.
The guidance focuses on the following:
- Penetration Testing Components: Understanding of the different components that make up a penetration test and how this differs from a vulnerability scan including scope, application and network layer testing, segmentation checks, and social engineering.
- Qualifications of a Penetration Tester: Determining the qualifications of a penetration tester, whether internal or external, through their past experience and certifications.
- Penetration Testing Methodologies: Detailed information related to the three primary parts of a penetration test: pre-engagement, engagement, and post-engagement.
- Penetration Testing Reporting Guidelines: Guidance for developing a comprehensive penetration test report that includes the necessary information to document the test as well as a checklist that can be used by the organisation or the assessor to verify whether the necessary content is included.
Finally, the report also includes three case studies that illustrate different concepts presented in the guidance and a quick reference guide to assist organisations in dealing with the requirements.
Click here to download the report