Identifying Gaps to Improve Your Cyber Defenses
Sage’s External Vulnerability Assessment and Penetration Test identifies the key strengths and weaknesses of your current environment, allowing you to see how it would handle various types of cyber-attacks. Once we’ve assessed your system for vulnerabilities, we conduct simulated attacks where we behave like the world’s most sophisticated cyber-intruder to determine how those vulnerabilities could be exploited. Using the results, we develop a remediation strategy that will help you mitigate the risk of falling victim to real cyber intruders.
Through the testing, we will:
- Identify publicly available networks / systems through reconnaissance and intelligence gathering.
- Identify weaknesses in the network / system architecture.
- Identify potential exploits / entry points into critical devices / systems.
- Identify system- and application-specific vulnerabilities, including lax access controls.
- Exploit identified vulnerabilities (authorization required).
- Test the adequacy of intrusion detection and response systems.
- Fulfill requirements of applicable regulations and compliance standards.
- Provide actionable recommendations designed to mitigate discovered vulnerabilities.
The Sage Methodology
Sage takes a phased approach to assessing your system, with tools including:
- Footprint Analysis – We search for publicly available information about your company to gain an understanding of your web presence and associated technologies.
- System Service and Vulnerability Identification – We focus on the specific devices, servers, and Internet-facing applications that your company uses to characterize their architecture and identify their vulnerabilities.
- Web Application Analysis, Scanning, and Manual Testing – We review your web application, via automated security tools and manual testing, to uncover telltale comments or error messages, weaknesses in included scripts, vulnerable parameters, and/or vulnerabilities in web application functionality.
What we learn in the Assessment Phase determines how we conduct the final phase:
- Exploitation – Implementation of a simulated attack, exploiting the weaknesses we’ve just identified in an attempt to gain unauthorized access to your systems and information.
Safety and Convenience
Only certified Sage personnel are authorized to conduct our testing, which we perform using both automated and manual tools, commercial and open source applications, as well as internally developed proprietary tools and testing mechanisms. We never subcontract any part of our testing.
To avoid unnecessary interruptions to your workflow, we will never attempt attacks known to cause a denial of service (DoS). We provide you with the source testing IP addresses in advance, and notify you each day when testing will begin and end. If you prefer, we can schedule all of our testing during non-business hours.
Reports and Recommendations
Once we have completed the External Network Vulnerability Assessment and Penetration Test, we will provide you with:
- An executive report in PDF summarizing our findings.
- A corresponding interactive HTML report detailing vulnerabilities by severity for each device.
- An action plan in MS Word with customized remediation recommendations, assignments, and activities.