Most of the folks looking for penetration testing or information security consulting try and choose a firm that they feel meets their needs the best. One of the ways that prospective clients may do this is by looking for a particular firm that claims to specialize in their industry or vertical. And we’ve even seen […]
Is there such thing as an “approved” penetration testing company? This is something we get asked quite often. Unfortunately, there is no overall industry accreditation that is required for firms to be able to conduct penetration testing. There are, however, certain designations that firms can receive for certain types of audits that may require penetration […]
The scope of a penetration test is one of the most important parameters that will define whether the test meets your expectation. The scope of an assessment is usually comprised of a detailed listing of targets. The scope of a penetration test may be represented by the number of systems that are to be tested, […]
The United States government now has an official cybersecurity agency with the creation of the Cybersecurity and Infrastructure Security Agency (CISA). The bill that Trump signed into law on November 16th, 2018 changes the National Protection and Programs Directorate (NPPD) into a standalone agency, moving it out from under the Department of Homeland Security (DHS). […]
It’s hard to believe we are closing in on the end of 2018. We want to take this time to reflect with a look back at the 2018 cybersecurity year in review, and a look ahead to what next year may hold. Key Themes Continued Improvement, But Still Not Enough While firms are starting to […]
A physical penetration test emulates an attacker trying to physically break into your organization and steal sensitive information or gain access to the internal network. If you haven’t already seen it, check out our blog on the top 3 ways we gain access to your environment during a physical penetration test. While you are at it, you […]
A wireless penetration test is a holistic review of your wireless environment and the risk it presents to your organization as a whole. This assessment includes tactical testing that determines whether an attacker in the parking lot can gain access to your corporate network through your wireless signal. However, in contrast to other penetration tests, […]
We’ve talked in a previous post about how host compliance audits are a great way to get a low-level, detailed understanding of your hardening practices and security on a system-by-system basis. But it may not be clear exactly how this type of analysis is done and what your testing team would need to perform a […]
Over the past few months, we have had several customers ask us about when is the right time to penetration test a new application in their environment. Right off the bat, we like this question, because it recognizes the fact that a new application needs a penetration test. You never want to roll a new […]
We’ve talked previously about why an incident response tabletop exercise can be a useful tool for your security program. But taking a step back, let’s take a closer look at what makes an incident response tabletop exercise successful. While a tabletop exercise can be a great way to step through your incident response process on […]
