Penetration Testing Services
Mainstay’s penetration testers will employ hands-on techniques that real-world malicious hackers might use. Our testers will break down the vulnerabilities, exploits and remediation steps needed to secure your environment. Penetration testing or “pen testing” is a form of ethical hacking meant to test your organization’s application security and network security infrastructure. Breaches and micro-breaches are mounting, with hackers becoming more knowledgeable and skilled at taking advantage of even the smallest gaps in security. To keep up, organizations and Managed Security Services Providers are leveraging methods like assessments and testing to measure the effectiveness of the controls they have put in place. Based on these findings, remediation can help to further strengthen your security posture and lower risk for your organization.
The Purpose of Pen Testing
We’d all like to think that the security controls we’ve put in place through a cybersecurity program will defend us against attacks. The only real way to know their effectiveness is to identify potential vulnerabilities and attempt to exploit them. To identify strengths and weaknesses, a detailed pen test against your applications and your internal and external networks should be conducted by Mainstay’s highly skilled cybersecurity team.
The baseline of any pen test includes six manual or automated activities, consisting of intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and action-oriented reporting of potential impact and remediation. More specific tests are then layered on based on an organization’s specific environment. These tests might include OWASP Top 10, PTES, OWASP Top 10 API, or NIST SP 800-115.
The Execution Standards of Pen Testing
- Intelligence Gathering: Enumeration and reconnaissance to gather information on a target.
- Threat Modeling: Optimizing target selection by identifying key assets and conducting a business impact analysis of the system.
- Vulnerability Analysis: Discovering vulnerabilities or flaws present on network-connected machines.
- Exploitation: Establishing access to the networked systems by abusing flaws or vulnerabilities.
- Post-Exploitation: Maintaining access to compromised machines and determining the value of the data hosted on compromised systems.
The Outcome of Pen Testing
Based on the test, Mainstay will identify critical-, high-, medium- and low-risk findings for security controls and exposure to targeted attacks. The assessment is aligned with the baseline Penetration Testing Execution Standard (PTES) framework, with all tests conducted in an orderly and controlled manner. Additional frameworks are layered on as needed. You will be presented with the findings, with a focus on next steps, protection from threats, and improved security.
“What makes Mainstay unique is that we’re able to partner with you long-term, not just to satisfy immediate assessment and testing of risk. We can not only help you to improve your network security but help to carry the responsibility of cybersecurity for years to come.”
Chief Information Security Officer