Vulnerability Assessment & Penetration Testing
Scheduled vulnerability scans of your network will aid in the identification of weaknesses, gaps, and common configuration errors that an adversary could use against you.
We work with our clients to understand not only the technical aspects but also the business criticality of the systems assessed. By assessing systems in their full business context, you can then prioritize resources, set expectations, and address risks to the business in a sound manner.
Risk based vulnerability assessments, built on sound processes and procedures ensure not only that regulatory and compliance needs are met, but also your organizations unique needs and concerns are addressed as well.
Commodity penetration testing services that treat penetration testing as a “one size fits all” don’t work. A penetration testing engagement is just as unique and varied as each client environment we work in.
We see to understand what the organization is attempting to accomplish, scoping the engagement to meet those specific needs. We work with our clients to ensure that they receive the full value of their penetration test.
Our Vulnerability Assessments and Penetration Tests are based on recognized frameworks such as the Open Source Security Testing Methodology Manual (OSSTM) , Information System Security Assessment Framework (ISSAF) and the Penetration Testing Execution Standard (PTES).
Advanced Persistent Threat Adaptive Penetration Testing (APT²)
The Advanced Persistent Threat Adaptive Penetration Testing (APT²) model is aimed at replicating adversarial tactics, techniques, and processes used in the targeting and attacking of an organization. A defined framework to gain entry and establish persistence within an organization, APT² is a framework aimed at testing the readiness and resiliency of any organization.
Do you know how an adversary is going to get in? Do you know when they are going to attack? Will it be an insecure service that is running? A phishing email that an employee clicks on? Will they walk in the front door?
ISO certified Techr2® has developed an ISO 27001 and 31000 compliant Risk Assessment program that can help Ohio companies implement and maintain a program that follows the NIST Cyber Security Framework (CSF). TechR2 is a high-level manufacturer of data security systems and service providers for data destruction, data wiping and secure data transport.
An Ohio company can join the initiative by attending a working seminar where TechR2 will lead you through the Risk Assessment process and bring you up to date on the regulations that are binding to your organization.
System Compromise Simulation
The System Compromise Simulation model is aimed at replicating an adversary who has successfully bypassed your security controls and has established a persistent presence on your network by simulating common command and control techniques.
The goal of this engagement is to determine the responsiveness, maturity and capabilities of your managed security services provider, information security, information technology and incident response teams and their ability to identify and respond to an incident.
The Technical Evaluation model is a technology-focused engagement where we collaborate with your information security, information technology, and incident response teams to identify any potential gaps, system configuration errors, vulnerabilities, and potential abuses which may be resident on your network and that an adversary may use to gain and/or maintain access.