Is your business at risk?
Disclosure of confidential information
Disclosure of sensitive data can result in loss or damage, such as identity theft, lawsuits, loss of business, or regulatory fines.
The need to protect access to credit card information, medical records and sensitive data such as your customer's username and passwords is critical in order to maintain
customer confidence. Failure to secure this data can lead to unnecessary and costly financial consequences.
Brand and Intellectual Property are
organizations important assets. This includes the company's knowledge, ideas and identity. Any loss in this area will destroy your competitive advantage, your reputation and your position in the market place.
Prevent financial loss through fraud
Cybercrime is one of the fastest-growing criminal activities on the planet and as a result businesses are loosing billions of pounds every year.
Cybercrime covers a huge range of illegal activity including financial scams, computer hacking, downloading pornographic images from the internet, virus attacks, stalking by e-mail and creating websites that promote racial hatred.
Client-side attacks
Another growing security issue, typically
from an external source, is an attack on targeted users from your internal user base.
Too often organizations focus on
server/perimeter protection which is not relevant to this threat leaving the user
community wide open. In reality this is a threat to the desktop and if not treated in isolation can remain the 'weakest link'. Neglect can have enormous financial consequences.
Business continuity
Organizations need to ensure that their critical business functions will be available internally and externally to their customers, suppliers, regulators, and other entities that must have access to those resources and functions. A breach in data availability can have huge consequences in the running of the business which in turn can lead to internal disruption and chaos, reduction in customer confidence and therefore retention, lack of trust and loss of revenue.
Do you need Penetration Testing?
Evaluate your IT security investment
A snapshot of the current security posture and an opportunity to identify potential breach points. The penetration test will provide you with an independent view of the effectiveness of your existing security processes in place, ensuring that patching and configuration management practices have been followed correctly.
This is an ideal opportunity to review the efficiency of the current security investment. What is working, what is not working and what needs to be improved.
Protects clients, partners and third parties
Increases clients, partners and third parties confidence in the knowledge that you are taking a professional approach by taking the necessary measures to maintain the security of your environment.
This will lead to maintaining existing business, attracting additional and new business and subsequently increase revenue and profit.
Reducing risk to the business
A penetration test will show the vulnerabilities in the targeted systems and the risks to the business. Based on an approved approach each of the risks is then evaluated. This forms the basis for a detailed report classifying the risks as either High-Medium-Low.
The categorization of the risk will allow you to tackle the highest risks first, maximising your resources and rapidly reducing the impact of the risk to the business.
The Value of Penetration Testing Services
Why SECFORCE?
Pride in the excellence of our work
Established reputation with a strong customer base of large corporates A structured approach built on proven
methodologies including CREST, OWASP and OSSTM
Ability to assist companies early in the development lifecycle to create secure applications
Trend analysis tracking progress across multiple tests for the same client using this data to assist in improving processes which might be flawed
A history of building strong working partnerships with our clients
We care A business built on the delivery of penetration
testing and security services
A proven combination of commercially tools and bespoke custom tools to assess the security posture effectively
Experience in multiple sectors and therefore ability to quantify risk in context not just as a metric
Output includes thorough reports with
recommendation for an effective way forward to ensure maximum benefit back to the business
A CREST certified team which follows and maintains strict code of ethics
Developing trust is important as we move forward together
Case Study
Power station protection secured
The challenge
SECFORCE was selected by a power station based in the UK to provide a security health check of their internal corporate network. The power company was confident that all the regulations and security best practices had been followed, especially as the power plant operated a tight critical infrastructure. The client
confirmed that the internal network and their SCADA (supervisory control and data
acquisition) systems were not interconnected and therefore it should not be possible to reach their most critical systems.
SECFORCE results
By using a structured approach the SECFORCE team, with no privileges, connected to the internal network. SECFORCE then identified a web application vulnerable to a number of attacks which could allow an anonymous attacker to fully compromise the back-end database. It was later discovered that the same database server was also used by the SCADA systems to log information, which could then be readily available for internal corporate users to access.
A misconfiguration in the firewall separating both networks allowed access from the compromised database server to the SCADA network. It was identified that it was possible to access all the control panels and potentially manipulate all the settings in the power plant. SECFORCE on completion of the penetration test provided a findings report together with
recommendations which was then presented both to business and technical management. Effective mitigating actions were implemented at which point SECFORCE carried out a re-test to ensure the critical infrastructure was totally secured.
SECFORCE UK
Suite 11, Beaufort Court Admirals Way
E14 9XL London
TEL +44 (0) 845 056 8694
SECFORCE is a leading penetration testing company
working with key organizations to protect their business
infrastructure from internal and external attacks
Services delivered on-site and off-site as required
SECFORCE SOUTH AFRICA
Palazzo Towers W, Montecasino William Nicol Dr, Johannesburg Fourways, Gauteng, 2000 TEL +27 (0) 11 5100 161
