Penetration Testing / Sec Audit
Security when and where it is needed, which is always before you think...
Everyone knows that security is critical if you want to keep your data to yourself and your company name out of the headlines (for the wrong reasons). The way to do this is to make security part of everything you do and to get outside help to avoid the dangers of groupthink and wishful thinking. Penetration testing and security audits provide the reality check that helps you and your staff know whether your systems are as secure as they should be.
How Penetration Tests and Security Audits Help
When a system is brought online, it has usually been put through a number of tests by QA as well as user acceptance testing, market testing and more. If security testing is not part of that process, this is a big mistake, especially if the system is in any way exposed online. Having an experienced team perform both automated and manual penetration testing will help flush out any blind spots and make sure that assumptions do not undo all of the hard work that brought the system into service. There is a wide range of methods that can be used, but they all aim to find potential weak spots or overt vulnerabilities in the system, interface or endpoint under investigation so that they can be addressed before they result in a breach of the system.
Strategies - Types of Engagements
There are several ways to approach conducting a penetration test or security audit. All of these services are available from DTS and can be conducted remotely on a schedule convenient to your team without sacrificing quality:
Black Box Penetration Test: Our team is given nothing more than an IP address or domain address and the rest is on us. This kind of testing simulates what bad actors out in the world can do without the benefit of any special information. These tests are less likely to find all potential vulnerabilities, but they are a great reality check.
White Box Penetration Test: Our team is given extensive information about how the target system is set up and configured, including architectural diagrams and the versions of all component systems. This kind of test helps flush out vulnerabilities that might never be found by an external actor, but does a good job of showing what an inside actor could do from the outside.
Code and/or System Audit: Like White Box testing, Security Audits need to be done with knowledge of the internal workings of the system. What is more, the code and configuration must also be made available so problems can be identified even if they are not yet exploitable vulnerabilities. Interviews are conducted and a detailed recommendations report caps the engagement. A Code or System Audit will help guide not only remediation, but also how technical staff should be trained in the future to enhance the security of systems yet to be developed.
Internal Threat Analysis: For most organizations, insider attacks are the most devastating and the hardest to detect and prevent. This engagement is similar to our Code or System Audit, but focused on hardening systems so that they are secure from internal threats, which are typically far more dangerous than external threats.
Compliance Audit: In many organizations, auditing has taken on an increasingly important role. When you need an audit to show compliance with a specific regulation, this is the service for you. Each type of compliance audit has different requirements, and some require special certifications or expertise, so while we do conduct various types, no one can do every type out there. We will be straight about those we can and cannot support.
| Security+ Certified Staff | ✔ |
| Certified Ethical Hacker (CEH) Certified Staff | ✔ |
| Storage System Experts on Staff (NAS, SAN, etc.) | ✔ |
| Active Directory Experts on Staff | ✔ |
| Email Server Experts on Staff | ✔ |
| Windows Server Experts on Staff | ✔ |
| Physical Security Experts on Staff | ✔ |
| Disaster Recovery Experts on Staff | ✔ |
| Web and System Developers on Staff | ✔ |
| SQL Server Experts on Staff | ✔ |
| Security services provided only by US citizens (100% US based) | ✔ |
Security Expert Sample
Patrick Hynds is the President and Founder of DTS and a Microsoft Regional Director since 1998. Named by Microsoft as the Regional Director for Boston, he has been recognized as a leader in the technology field. Since 2006, Patrick has been honored as a Microsoft MVP in Developer Security. An expert in Microsoft Technology and experienced with other technologies as well, Patrick has taught software development and network architecture, and has been a successful consultant who enjoys mastering difficult troubleshooting assignments. A graduate of West Point and a Gulf War veteran, Patrick brings an uncommon level of dedication to his role at DTS. He is experienced in addressing business challenges, with special emphasis on security issues involving leading-edge database, storage, web and hardware systems. Patrick has presented at major technical conferences including TechEd US, TechEd Hong Kong, the Middle East Developer's Conference in Cairo, Egypt, Microsoft Security Summits in New York and Boston, DevDays, CodeCamp and many more. In spite of the demands of his management role at DTS, Patrick stays technical and in the trenches, acting as Project Manager and/or developer/engineer on selected projects and security engagements.
Additional resource bios and consulting resumes available as needed.