Technical Testing. Network Testing DATA SHEET


The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce your risk, facilitate compliance and improve your operational efficiency.

Test your security defenses

IT staff are often leveraged beyond capacity, and therefore are unable to adequately test their own security and compliance preparedness against real-world threats. In addition, IT lacks the independence, and oftentimes, expertise needed to conduct detailed testing of their networks, systems and operations.

Dell SecureWorks Technical Testing security consultants can test your networks, systems, facilities and employees. Through the use of real-world strategies and tactics, we determine where your security is strong and where gaps exist that could lead to a compromise. In addition, our testing services help you meet your particular compliance requirements.

Determining which assessment is right for you depends on what you are trying to accomplish. What is your goal?

- Mitigate risk
- Improve your security posture
- Evaluate your team's response capabilities
- Meet compliance

We can also help you prioritize findings that reflect your business circumstances, and effectively communicate to your technical and non-technical audiences.

Expert Testing, Analysis and Assessments

- Highly Credentialed Experts passionate about security
- Focused on security Best Practices for your industry
- Deep understanding of Compliance, Regulations and Security Frameworks
- Latest threat intelligence from Dell SecureWorks CTU research team
- Risk based approach

Technical Testing

Technical Tests are hands-on tests by consultants that evaluate your application or network security. Traditional technical testing delivers a comprehensive review of all vulnerabilities and technical risks. For a more complete test, a simulated cyberattack or Red Team Engagement will provide a collaborative test with you to establish testing objectives (sometimes called trophies): specific, high-value systems or data that are the same business-impacting goals that advanced threat actors aim to achieve.

Network Security Testing

Network Security Testing helps organizations identify and demonstrate vulnerabilities in their networks, systems and operations, helping to determine actual risk, validate security defenses and meet compliance mandates. Network security testing focuses on:

- Vulnerability Assessments to validate configurations and identify vulnerabilities in your environment that pose a real risk to your organization
- Penetration Testing to determine how well your organization's security policies protect your assets. These tests attempt to gain access to your network and information assets in the same way a hacker would
- Network Equipment Testing, which includes Wardialing that tests fax machines and modems, and Wi-Fi penetration testing
- Social Engineering to test your employees with true-to-life tactics employed by social engineers. These are non-technical threats like impersonation via phone.

Penetration Tests

Penetration Testing, a form of assurance testing, helps organizations meet compliance requirements and validate specific security risks that may exist. It is designed to show how an attacker can gain unauthorized access to your environment through your email systems, firewalls, routers, VPN devices, web servers and other network devices.

Industry-recognized expertise and mature consulting processes to deliver real business value to your organization.

Vulnerability Assessments are a light-touch evaluation to identify gaps and vulnerabilities on your network. They help you validate your configuration and patch management, and identify steps that you can take to improve your security. The assessments help you meet your minimum compliance mandates and security assessment needs.

Penetration Testing can be performed from the perspective of threats attacking the network edge facing the Internet (external) and from inside the network environment (internal). Our penetration tests subject systems to real-world attacks, and are carefully selected and conducted by our security consultants. The goal is to identify the extent to which a system can be compromised before an actual determined attack takes place.

Penetration Tests are also known as ethical hacking and go further than vulnerability tests to identify security gaps and vulnerabilities in your network. Tests are designed to show how an attacker would gain unauthorized access to your environment by compromising your email systems, firewalls, routers, VPN tunnels, web servers and other devices.

Advanced Penetration Tests simulate a network-based attack to test your network security defenses, policies and practices, and provide the steps you can take to improve your security and controls. The advanced penetration test goes further than a Penetration Test to gain full, persistent control of your systems and use those systems as a base for attacks deeper into the network.

Social Engineering

Dell SecureWorks Social Engineering experts evaluate the effectiveness of your employees against nontechnical break-in attempts. Based on the latest intelligence on social engineering tradecraft, the service evaluates your employees' vigilance against creative, and often personalized, threats that work to exploit those employees' trust and lack of security awareness.
Social Engineering can be used as a one-time test of the effectiveness of your broader security awareness campaign, or to help win over support for new training programs. Dell SecureWorks experts work with you to identify appropriate scenarios based on industry, company size and engagement-specific goals. The most common scenarios involve sending target individuals to a malicious web site, where they may be asked to provide credentials, download malicious files or have their browser attacked to gain access to additional resources. Less aggressive scenarios can be crafted to target sensitive data or information useful to augment secondary attacks.

These services are available as individual engagements through email (phishing) or phone (vishing) testing, and are also included in our Red Team testing services.

Phishing

Phishing is an attempt to acquire sensitive information, such as usernames, passwords or financial information, by masquerading as a trustworthy entity in electronic communication. Whether you need to test all employees or a subset of specific employees, we can work with you to determine the right methodology to provide real tests that pose minimal risks to your network.

Phishing: Click and Log

A remote social engineering assessment, Phishing Click and Log is designed to identify gaps in user security awareness that an attacker can exploit. Receive a log and report showing who clicked on the various links. Testing is designed to deliberately attempt to trick users by mimicking common websites, impersonating internal staff, third-party service providers or customers.

Phishing: Endpoint Attack

The goal of Phishing Endpoint Attack is to obtain either user credentials or compromise a user's workstation. This can be accomplished using a variety of standard scenarios or custom-tailored situations. Manipulations generally involve the impersonation of customers, internal staff, or third-party contractors.

Vishing

The telephone equivalent of phishing, Vishing is an attempt to verbally steer the user into surrendering sensitive information like passwords, or to execute malicious software that gives attackers remote control of their workstation. Our experts work with you to identify appropriate scenarios to test your employees to prevent attackers from thwarting common phishing security controls.

Network Equipment Testing

Network Equipment Testing helps identify if network-connected assets such as faxes, modems and Wi-Fi devices are vulnerable to attack, and helps understand what could happen if those assets were compromised.

Wireless Network Penetration

Wi-Fi networks have inherent risks that can come from improperly secured infrastructure, rogue access points and wireless clients themselves. Many wireless security methods, such as MAC filtering and pre-shared keys, are no longer effective defensive measures of protection. Often, these measures can be bypassed or broken within minutes or hours, exposing your internal infrastructure from outside your physical location.
Dell SecureWorks Wireless Network Penetration will:

- Evaluate the security of your wireless network infrastructure
- Assess your compliance with applicable mandates
- Identify rogue access points and other points of unauthorized entry

Wardialing

Organizations often overlook the most mundane elements of their networks, such as faxes and modems. These items are vulnerable to one of the oldest attack techniques: automated phone dialing, commonly called wardialing. You may be unaware of legacy fax and modem devices across your organization that can be accessed by malicious, automated phone dialing systems, and testing for vulnerabilities can be complex and time-consuming.

Dell SecureWorks Wardialing service mimics real-world auto-dialer threats. The service identifies assets, gathers information and tests modem and fax devices for security vulnerabilities. Three key functions are performed:

- Connect: Perform calls across an organization's phone systems
- Identify: Identify active phone, fax and modem numbers and device details
- Probe: Leverage collected information to attempt to penetrate systems

Dell SecureWorks Wardialing service improves the security of devices connected to your carrier network.

Additional Technical Testing Services

Application Security Testing

Get the assurance that your web applications, mobile applications and web APIs are secure. Leveraging our deep knowledge of the Tactics, Techniques and Procedures (TTP) threat actors use, our security consultants test the state of your applications and provide actionable recommendations to enhance the security of the applications.

Red Team

Red Team tests simulate cyberattacks against your organization to clearly understand vulnerabilities across all security areas. These tests challenge an organization's defense against electronic, physical and social exploits. The objective is to identify gaps in security practices and controls that standard technical tests are unable to find.

Red Team tests differ from standard Technical Testing by using a combination of attacks that combine various techniques to avoid detection and prevention. They include real-world attack goals customized to simulate the business impact this type of attack would have on your organization. Red Team tests are covert attack methods that try to defeat existing security devices.

Summary

Technical Testing is designed to cover specific services. Each security test has its own objectives and acceptable levels of risk. There is not an individual technique that provides a comprehensive picture of an organization's security when executed alone. Dell SecureWorks can work with you to determine what combination of techniques you should use to evaluate your security posture and controls to begin to determine where you may be vulnerable.

About Dell SecureWorks

Dell SecureWorks uses cyber threat intelligence to provide predictive, continuous and responsive protection for thousands of organizations worldwide. Enriched by intelligence from our Counter Threat Unit research team, Dell SecureWorks Information Security Services help organizations proactively fortify defenses, continuously detect and stop cyberattacks and recover faster from security breaches.

For more information, call 877-838-7947 to speak to a Dell SecureWorks security specialist.

www.secureworks.com

Availability varies by country. © 2015 Dell Inc. All rights reserved.