Penetration Testing and Vulnerability Assessment
Penetration testing is the process of probing a network to identify security vulnerabilities that could be exploited by outside parties. From a business perspective, it is a necessary process in determining the current state of your network security and is recognized as a vital part of ongoing due diligence to prove compliance to your industry regulators, customers and shareholders.
Group-IB’s Penetration Testing addresses external and internal networks, physical security, network topology, and directory and domain services. Our testing helps you shape and direct your information security strategy by identifying vulnerabilities and quantifying their impact so that proactive, appropriate steps can be taken and corrective action implemented.
White Box can be best described as a test where specific information has been provided in order to focus the effort. In penetration testing, white-box testing refers to a methodology where our experts has full knowledge of the system being attacked. The goal of a white-box penetration test is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system.
Black Box is alternative penetration testing model where no information is provided by the client and the approach is left entirely to the penetration tester (analyst) to determine a means for exploitation.
Our testing supports compliance initiatives for regulations such as GLBA, HIPAA, Sarbanes-Oxley Act, PCI DSS, FISMA, FFIEC, and others that require penetration tests. All Network Security Assessment and Penetration Testing activities include a comprehensive report at the completion of the testing process. This report details identified security issues, provides a rating of severity and recommends best practices for remediation.
In the technologies field, it is imperative that our team members are on the cutting edge. That is why our employees have earned several certificates: CISSP (Certified Information Systems Security Specialist), CISA (Certified Information Systems Analyst), CEH (Certified Ethical Hacker), Extreme Networks Administrator, A+ Certification, Net+, MCP (Microsoft Certified Professional), and MCSA (Microsoft Certified Systems Administrator).
We have more than 90 employees serving customers in more than 25 countries. Our clients include various banks, financial institutions, oil and gas companies, software and hardware vendors, telecommunications service providers from Australia, Argentina, Brazil, Canada, EU, Russian Federation & CIS, UK, USA and Ecuador.
Group-IB employees participate in key IT-security conferences such as e-Crime, Cardex, APWG:Counter-eCrime Operations Summit (CeCOS), SCADA Security Summit.