What is Vulnerability Scanning and Penetration Testing?
Vulnerability scanning solutions allow organisations to determine whether they have any security risks in their infrastructure setup, such as a configuration error or a weakness in a certain application. Scans can be conducted regularly and after changes to minimise vulnerabilities, and they are generally non-intrusive.
Penetration testing can be done externally, trying to gain entry to the business, or internally, to see what may be at risk on the LAN. The test simulates a hacker attack: once a vulnerability has been identified, a pen tester tries to exploit it to see what the risk may be. It is this exploitation by a person that differentiates pen tests from vulnerability scanning. Many auditors require a pen test as part of their assessment.
In an increasingly uncertain world that relies more and more on data and communication, organisations need to be more careful than ever that their security is up to the task of protecting their assets and safeguarding their customers, suppliers and the general public. Cygnia offers a comprehensive range of security testing services that test all aspects of an organisation's security, with a full report and remediation advice for the management team.
External Vulnerability Scanning
Nearly all organisations will have at least one internet connection, often running multiple services such as VPNs, email, web surfing and web servers. Having your servers and network available over the internet is important for communication and data transfer; however, it does open the door to potential security threats and hackers.
Cygnia's External Vulnerability Scanning seeks out security flaws on public-facing services and network equipment to see if and where a system could be exploited or threatened. The service is provided remotely by one of Cygnia's highly trained security consultants, using the Cyberscheme methodology to generate a report so that the organisation can confirm the status of its security and make any needed changes.
External Penetration Testing
External penetration tests take vulnerability scanning to the next level. A penetration test looks for security flaws in public-facing services and network equipment, and our highly skilled consultants then test whether these flaws can be exploited. Penetration tests use different techniques and work in a very similar way to an actual hacker, but with agreed parameters and boundaries so as not to disrupt or compromise the organisation being tested. Cygnia's External Penetration Test uses the Cyberscheme methodology, which is accredited by CESG.
Internal Penetration Testing
Internal penetration tests are designed to emulate the risk of an attacker who has breached the network defences from a remote location, from inside the premises, or by connecting to the WiFi from outside the building. The test is designed to analyse how easy it is to compromise the network or system and what information the attacker could access and take. Further testing includes escalated permissions, which emulates the malicious insider and what they could do.
Cygnia provides Internal Penetration Testing through its highly trained consultants, and a scope is agreed before a test is undertaken to ensure its success. A report is produced that details if and where any issues exist and addresses them.