Is your business at risk? DO YOU NEED TO KNOW?

Transcription

1 Is your business at risk? DO YOU NEED TO KNOW?

2 Do you need Penetration Testing? The main issues our clients have faced in the operational running of the business Client-side attacks Another growing security issue, typically from an external source, is an attack on targeted users from your internal user base. Too often organizations focus on server/perimeter protection which is not relevant to this threat leaving the user community wide open. In reality this is a threat to the desktop and if not treated in isolation can remain the 'weakest link'. Neglect can have enormous financial consequences. Business continuity Organizations need to ensure that their critical business functions will be available internally and externally to their customers, suppliers, regulators, and other entities that must have access to those resources and functions. A breach in data availability can have huge consequences in the running of the business which in turn can lead to internal disruption and chaos, reduction in customer confidence and therefore retention, lack of trust and loss of revenue. Disclosure of confidential information Disclosure of sensitive data can result in loss or damage, such as identity theft, lawsuits, loss of business, or regulatory fines. The need to protect access to credit card information, medical records and sensitive data such as your customer's username and passwords is critical in order to maintain customer confidence. Failure to secure this data can lead to unnecessary and costly financial consequences. Brand and Intellectual Property are organizations important assets. This includes the company's knowledge, ideas and identity. Any loss in this area will destroy your competitive advantage, your reputation and your position in the market place. Prevent financial loss through fraud Cybercrime is one of the fastest-growing criminal activities on the planet and as a result businesses are loosing billions of pounds every year. Cybercrime covers a huge range of illegal activity including financial scams, computer hacking, downloading pornographic images from the internet, virus attacks, stalking by and creating websites that promote racial hatred.

3 The Value of Penetration Testing Services The SECFORCE approach to penetration testing provides the following benefits Reducing risk to the business A penetration test will show the vulnerabilities in the targeted systems and the risks to the business. Based on an approved approach each of the risks is then evaluated. This forms the basis for a detailed report classifying the risks as either High-Medium-Low. The categorization of the risk will allow you to tackle the highest risks first, maximising your resources and rapidly reducing the impact of the risk to the business. Evaluate your IT security investment A snapshot of the current security posture and an opportunity to identify potential breach points. The penetration test will provide you with an independent view of the effectiveness of your existing security processes in place, ensuring that patching and configuration management practices have been followed correctly. This is an ideal opportunity to review the efficiency of the current security investment. What is working, what is not working and what needs to be improved. Protects clients, partners and third parties Increases clients, partners and third parties confidence in the knowledge that you are taking a professional approach by taking the necessary measures to maintain the security of your environment. This will lead to maintaining existing business, attracting additional and new business and subsequently increase revenue and profit.

4 Why SECFORCE? Pride in the excellence of our work A business built on the delivery of penetration testing and security services A proven combination of commercially tools and bespoke custom tools to assess the security posture effectively Experience in multiple sectors and therefore ability to quantify risk in context not just as a metric Output includes thorough reports with recommendation for an effective way forward to ensure maximum benefit back to the business A CREST certified team which follows and maintains strict code of ethics Developing trust is important as we move forward together Established reputation with a strong customer base of large corporates A structured approach built on proven methodologies including CREST, OWASP and OSSTM Ability to assist companies early in the development lifecycle to create secure applications Trend analysis tracking progress across multiple tests for the same client using this data to assist in improving processes which might be flawed A history of building strong working partnerships with our clients We care

5 Case Study Power station protection secured The challenge SECFORCE was selected by a power station based in the UK to provide a security health check of their internal corporate network. The power company was confident that all the regulations and security best practices had been followed, especially as the power plant operated a tight critical infrastructure. The client confirmed that the internal network and their SCADA (supervisory control and data acquisition) systems were not interconnected and therefore it should not be possible to reach their most critical systems. SECFORCE results By using a structured approach the SECFORCE team, with no privileges, connected to the internal network. SECFORCE then identified a web application vulnerable to a number of attacks which could allow an anonymous attacker to fully compromise the back-end database. It was later discovered that the same database server was also used by the SCADA systems to log information, which could then be readily available for internal corporate users to access. A misconfiguration in the firewall separating both networks allowed access from the compromised database server to the SCADA network. It was identified that it was possible to access all the control panels and potentially manipulate all the settings in the power plant. SECFORCE on completion of the penetration test provided a findings report together with recommendations which was then presented both to business and technical management. Effective mitigating actions were implemented at which point SECFORCE carried out a re-test to ensure the critical infrastructure was totally secured.

6 SECFORCE is a leading penetration testing company working with key organizations to protect their business infrastructure from internal and external attacks Services delivered on-site and off-site as required SECFORCE UK Suite 11, Beaufort Court Admirals Way E14 9XL London TEL +44 (0) SECFORCE SOUTH AFRICA Palazzo Towers W, Montecasino William Nicol Dr, Johannesburg Fourways, Gauteng, 2000 TEL +27 (0)