Penetration Testing
You are here: Home \ Professional Services \ Penetration Testing

Penetration Testing

Penetration or intrusion tests simulate a real attack against your infrastructure in a controlled environment, allowing our certified consultants to evaluate your system’s capacity and provide you with recommendations on how to improve your defense against technological vulnerabilities that can lead to intrusions, fraud and service interruptions.

Penetration testing (also called “pentesting”) includes network penetration testing, social engineeringapplication assessment as well as controls and processes around the networks and applications. This should occur from both outside and inside the network. Hitachi Systems Security utilizes components from several different testing frameworks including:

OWASP

Open Web Application Security Project

PTES

Penetration Testing Executive Standards

OSSTM

Open Source Security Testing Methodology

ISO 27001 / COBIT

Control Frameworks such as: ISO 27001 and Control Objectives for Information and Related Technology

TOGAF

Architecture Models such as The Open Group Architecture Framework

Added Value

Hitachi Systems Security’s penetration tests are carried out employing the same techniques as an attacker located outside your infrastructure and verify, without revealing too much information on your environment, if your servers or applications will resist hostile attacks, and if the identified vulnerabilities can lead to further intrusion and exploitation.

A pentest will help you:

null

Protect your Corporate and Customer Information

null

Comply with Industry and Government Regulations

null

Preserve your Organization's Integrity and Reputation

Benefits

Hitachi Systems Security’s penetration testing service protects your business and provides many benefits, including:

  • Manage Vulnerabilities Using Greater Intelligence

    Understand your vulnerabilities by gaining insights into why they occur and how to remove them. Analyze and rank exploitable weaknesses based on their potential impact and likelihood of occurrence.

  • Reduce Costs Associated with Network Downtime

    Avoid network downtime and the costs associated to it by discovering vulnerabilities and eliminating them.

  • Preserve Corporate Image and Customer Loyalty

    Any downtime or missteps can be harmful to an organization’s image. Penetration testing finds vulnerabilities before they become problems.

  • Improved Compliance

    Ensure you are in compliance with customer and shareholder requirements, regulations and standards. We can help you comply with major regulations such as SOX, PCI, NERC/ CIP, SAS70/SSAE16, HIPAA, ISO, and more.

Steps Performed During a Penetration Test

Pentest Step1
Pentest Step1

Step 1

Intelligence Gathering and Reconnaissance. We will discover vulnerabilities in the target client systems and investigate methods to attack those vulnerabilities.
Pentest Step2
Pentest Step2

Step 2

Conducting attacks against the given vulnerabilities.
Pentest Step3
Pentest Step3

Step 3

Establishing deeper control over the compromised assets.
Pentest Step4
Pentest Step4

Step 4

Erasing evidence of the attack through system logs, firewall entries and any other traceable records.
Pentest Step5
Pentest Step5

Step 5

Pivoting control to other assets and systems deeper within the client infrastructure.
Pentest Step6
Pentest Step6

Step 6

Finding and retrieving valuable information from the client systems, e.g. PCI data, client records or sensitive information of other types, alternatively disrupting client services or denying control of the assets, as defined by client need.
Pentest Step7
Pentest Step7

Step 7

Producing detailed written reports that catalogue all activities undertaken, describe the methods and the results and explain the necessary remediation efforts.

When to Perform a Pentest

Many organizations will conduct a penetration test because they may suspect or know that they have already been hacked and now want to find out more about the threats to their systems in order to reduce the risk additional attacks. Conversely, an organization may also be proactive and want to know in advance about any threats that face their organization as a whole or a new system before it goes live.

penetration-testing

[Blog] 4 Good Reasons Why You Need to Conduct a Penetration Test

Talk to a Security Specialist

 

Deliverables

The final result of a penetration test is a detailed report, including all test findings as well as the necessary countermeasures and recommendations to secure your IT infrastructure. The report documents the following elements:

null

The security level of the servers as perceived by an attacker.

null

The security breaches, vulnerabilities, as well as countermeasures and corrective actions to be applied.

null

All testing activities and raw scan data are also provided alongside the final deliverable as report appendixes and supporting documents.

Webinar on Demand:
Learning How Hackers Hack

In this webinar you will learn:

  • What does a world class penetration test involve?
  • The 6 essential elements of a penetration test
  • The 6 benefits of a penetration test

Related Articles

E-Book: Thinking Like Your Enemy Yields World-Class Security

Download Penetration Testing: Think Like Your Enemy