PCI Compliance Package

An all-in-one bundle designed to help you reach compliance.

Our consultants have conducted countless PCI Compliance Assessments, filling out numerous Reports on Compliance and Self-Assessment Questionnaires for organizations across a wide variety of industries. This package includes all of the individual assessments necessary for your organization to achieve or maintain PCI compliance.

Our package includes:

PCI Gap Analysis

During a PCI gap analysis, you will be paired with a certified PCI Professional (PCIP) to evaluate your company’s compliance. If your company is required to fill out a Self-Assessment Questionnaire (SAQ), we will assist you in selecting the appropriate SAQ, determine the scope of PCI in your network, evaluate your compliance, and fill out the SAQ for you. If you are preparing for a Report on Compliance (ROC) audit, we will provide you with a full gap analysis, identifying where you might fall short and providing the steps you need to take to become compliant before your final audit.


External Penetration Test

An external penetration test emulates an attacker trying to break into your network from the outside. The goal of the engineer performing this assessment is to breach the perimeter and prove they have internal network access. This test includes:

  • Open source reconnaissance against the organization
  • Full port scan covering all TCP ports and the top 1,000 UDP ports of the targets in scope
  • Full vulnerability scan of the targets
  • Manual and automated exploit attempts
  • Password attacks

 

Internal Penetration Test

An internal penetration test emulates an attacker on the inside of your network. This could be either an attacker who is successful in breaching the perimeter through another method or a malicious insider. The goal of the engineer in this module is to gain root and/or domain administrator level access on the network, and gain access to sensitive files. Activities include:

  • Active and passive network reconnaissance, including traffic sniffing, port scanning, LDAP enumeration, SMB enumeration, etc.
  • Vulnerability scan on all in-scope targets
  • Spoofing attacks such as ARP cache poisoning, LLMNR/NBNS spoofing, etc.
  • Manual and automated exploit attempts
  • Shared resource enumeration
  • Password attacks
  • Pivoting attacks

Vulnerability Scanning

Vulnerability scanning is a regular, automated process that identifies the potential points of compromise on a network. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. Our engineers will conduct this scan for you and use our expertise to remove false positives and produce a risk-prioritized report.

Why Triaxiom Security

We partner with you to give you the information you need to defend against today’s threats.