The idea is basically to look at your technology, pretend to be a bad actor, and test each thing within the "scope", or limits, of the test. This goes by a number of names:
- "Defense penetration testing" (this is technically accurate)
- "Pentesting" (just a shortening of the next one)
- "Penetration testing" (common term)
- "Ethical Hacking" (Pentesting is a portion of ethical hacking)
Then there's "red team", which functions as a benefit to your security team by testing its security responses. This really deserves its own page, but for now, that's a good explanation of these terms.
Another, similar story starts down a different route. Your company hasn't seen any bad-guy activity, but wants to complete compliance requirements or meet various regulatory requirements. Many of these are mandated by state or federal laws, especially for companies embarking on multi-national trade or doing business with financial, legal, medical, or governmental institutions. Sometimes companies don't even know about these requirements until they're demanded by customers or lawyers in these areas.
This can be pretty scary at the end of the day for a small business, because it means your company could lose enough money to put you out of business. Having worked in small businesses, as my own company, as a person, and really just living in this area, it's a common problem where people simply can't respond to these types of things.
Luckily, you spent some time talking to your lawyer, and they said you'd need your tech team to perform testing. Your technical team comes back saying they're admins and can show their configurations, but they don't really have any clear way to test this for auditors. This is where you call us up. Just like in the above situation, we get on the phone, or maybe use email, and discuss these requirements; we finish by sending an email confirming that this is what the tests should be. We then write up the required documents and get those sent. Once all that's worked out and the start date for testing comes around, we let you know when we're starting and when we're ending, proceed with the testing, and provide reports just as above.
Your technical team will probably be able to provide auditors with the logs from these events, but we provide that service too. Depending on whether we discussed this during the initial call, we can take this a step further and prepare these documents to answer on your company's behalf during an audit. We can also help define any limitations or gaps in monitoring and provide them as guidance to your IT team. Don't have an IT team? We'll do the administration for you too if you need it, but we do take a very "strict" method if this is needed for audits. This may get expensive with all these things, though, so don't worry: we don't intend to push you for more sales. We just don't want you to have to face these sorts of issues alone. We're here to help.