Solutionary > Security Consulting Services > External Penetration Assessments

Services and Solutions

Managed & Monitored Security Services

Event Correlation & Information Management

Device Monitoring & Management

Internal & Perimeter Vulnerability Management

Intrusion Prevention Services

PCI DSS 1.2 Monitoring

Unified Threat Management

Security Platform Services

In-the-Cloud Security

Compliance & Risk Management

Risk Assessment & Compliance Measurement

SNAPshot Security Assessment

ISO, PCI, SOX, CobiT, COSO, HIPAA Compliance Reporting

Security ROI Metrics

Benchmarking

Security Consulting Services

Application Security Assessment

Vulnerability Assessment

Certified PCI Audit Services

Policy Review & Development

Architecture Review & Development

External Penetration Assessments

Incident Response & Forensics

KNOW HOW PREPARED YOU ARE: PEN TEST.
Gartner estimates that, although fewer than 10% of the attacks on the Internet are targeted against a single company, the financial impact to an individual business of a single successful targeted attack will be 50 to 100 times greater than the impact of a successful worm or virus event.
Through 2009, the financial damage experienced by businesses because of targeted attacks will increase at least five times faster than damage caused by mass events.

Penetration testing extends on the vulnerability assessment by taking an attacker-oriented approach. An experienced or motivated attacker can take advantage of conditions that show up on a vulnerability assessment scan as point vulnerabilities on "unimportant" systems to gain unauthorized access to the system or other detailed information that can lead to privilege escalation on a critical target. Penetration testing emulates the same process that an attacker would follow to exploit multiple security weaknesses that individually are not critical, but in the aggregate allow an attacker to compromise business-critical data.

When compared with vulnerability assessment scanning, penetration testing takes a more "active" approach to developing a security baseline. Vulnerability assessment techniques can only go so far in detecting potential attack vectors. Changes in technology and business processes are reducing vulnerability assessment effectiveness even further. Penetration testing is needed to augment existing vulnerability management processes, especially in light of the rising level of targeted attacks.

Service Description
Solutionary's penetration testing services provide a comprehensive test of your external security controls including your network and web applications. We position the engagement to meet your business needs ranging from internal audit requirement to regulatory mandate or architectural review.

Solutionary can conduct this testing in three different modes: blind (no previous knowledge), full disclosure (full knowledge) or partial (some knowledge; blended approach) disclosure. We attempt to breach the existing network security architecture to determine the risk of vulnerability from outside attacks to the network. Attempts are made to circumvent security controls including firewalls, IDS, IPS, reverse proxy and other related systems. Solutionary will go as far as possible into your network without causing service interruption.

The Solutionary Advantages
Our penetration testing services can be performed on a scheduled basis or on demand as needed.

Solutionary's services are performed only by experienced and credentialed security professionals, most of whom are CISSPs. We participate in industry associations such as InfraGard, OWASP and OSSTMM open source forums. All this is put to work for you; we go beyond the basic application assessment.
Solutionary's flexible approach is scaled to meet your business requirements. This allows you to reduce the time and cost associated with testing your environment.
We diagnosis the root cause (source) of your security issues, not just treat the symptoms, which will ensure the overall success of your security program.

Service Benefits
Penetration testing can provide valuable insight into your security control and architectural weakness and is especially valuable for:

Highly sensitive or regulated industries, such as government or financial services
Environments with large complex networks
Environments that include systems or applications with limited visibility and control
Environments with a high number of internally developed applications or with packaged applications that do not have well-known or published vulnerabilities

Solutionary provides reports for both the management and the technical side of the business that allows you to show a high level of diligence to your auditors and/or your customers. We identify existing and potential security vulnerabilities on your network and include explanations of the vulnerabilities and associated risk as it relates to your business along with actionable recommendations to address the issues.

Prioritization - We tell you which issues to fix first, how fast you should take action, and the extent of the issue and the depth of the solution.
Specifics - Solutionary is as specific as possible when identifying issues and observations so you can treat the root cause of your security issues, and provide tailored recommendations specific to your environment.
Plain Language - You'll get clear, concise language and documentation that explains issues directly, minimizing jargon and technical language without oversimplifying.
Verifiable Results - Do you want to know when you have successfully fixed an issue? Solutionary can validate improvements from your current state to the desired state, and provide guidance on how to self-validate your results.

At Solutionary, we make security manageable.