Network Penetration Testing
A Network Penetration Test simulates a real-world attack against your information systems to identify vulnerabilities and risks which may impact the confidentiality, integrity or availability of your data.
Unlike a vulnerability assessment or automated vulnerability scan, security engineers performing penetration testing actively try to breach your systems or obtain access to sensitive data by bypassing security controls. This manual, hands-on approach allows the tester to intelligently respond to changing conditions within the environment and discover new vectors of attack. As a result, your organization can understand how malicious entities may be attacking your systems and to what extent they are vulnerable.
Depending on your needs, Network Penetration Tests can be performed both from an Internet-facing perspective (i.e., with ControlScan's engineers testing your external systems across the Internet) or from within your network environment. Both types of testing provide insight into your organization's risk exposure from different perspectives.
During the engagement, our security testers perform reconnaissance of in-scope systems to identify services and functions which may be vulnerable, followed by a discovery of vulnerabilities affecting in-scope targets and then finally attack the targets in order to compromise them. All of this is done with your permission.
There are two types of penetration tests—external and internal.
- An External Penetration Test shows you what anonymous attackers on the Internet see when looking at your network.
- An Internal Penetration Test shows you the risks your employees, contractors and guests pose to your information systems.
Additional Benefits for PCI & HIPAA Compliance:
- Network Penetration Testing satisfies requirement 11.3 of the Payment Card Industry Data Security Standard (PCI DSS) when performed against your cardholder data environment.
- Network Penetration Testing is also an optimal solution for safeguarding your protected health information (PHI), helping you to address your HIPAA and HITECH requirements.
For more information about ControlScan's Network Penetration Testing, or to schedule a consultation, call 1-800-825-3301 x 3 or click here.