PENETRATION TESTING AND VULNERABILITY ASSESSMENT
Our Penetration Testing and Vulnerability Assessment Services are delivered by professionally accredited Meritec IT security specialists. Using industry-recognised skills, methodologies and comprehensive toolsets, they ‘attack’ (by prior arrangement with the client) an organisation’s networks and systems in an attempt to gain access.
The Services confirm the effectiveness of security measures that may already be in place, or alternatively identify current or potential areas of weakness. The testing highlights and assesses the risks to IT security and provides recommended measures to mitigate those risks. It provides evidence that the organisation’s networks and systems have been independently scrutinised by qualified practitioners (Meritec).
The services are offered both as one-off assignments and as ongoing services. It is normally recommended that repeat testing is undertaken at least every six months, or whenever major alterations are made to systems or infrastructure, in which case it is good practice to have a test done immediately before or immediately following go-live.
For organisations that need to comply with PCI DSS standards, a quarterly scan is normally required.
Different levels of testing and scope are offered depending on client needs. These include:
Vulnerability Testing – this is confined to external testing of the network and does not seek to exploit identified vulnerabilities.
Penetration Testing – this provides full penetration testing, including exploitation of vulnerabilities, and, within the scope defined by the Security Test Agreement, may include (in addition to external testing of the network):
- Internal Security Assessment.
- Application Security Assessment.
- Wireless / Remote Access Security (RAS) Assessment.
- Telephony Communications Security Assessment.
- Website Application Development and Hosting Assessment.
- Susceptibility to Social Engineering and similar attacks.
Our testing is performed by Meritec Certified Ethical Hacking (CEH) consultants. The consultants launch and manage attacks on the customer’s infrastructure using tools and techniques deployed by actual hackers. This provides a far more robust test of security and most directly simulates a likely attack, which many automated products cannot do, and in any case experienced hackers quickly find or develop workarounds for automated products.