- Locate vulnerabilities and access points into an organization’s cyber networks.
- Utilize extensive manual testing, as well as the industry best automated scanning software.
- Supply a modular approach to pricing and the assessment levels being performed to suit every organization’s needs and goals.
- Assist with gaining compliance for government regulations such as HIPAA and PCI DSS.
- Provide a written summary of recommendations to locate and secure security flaws within the target networks.
Seek out all vulnerabilities within a specified scope of engagement. This will test the integrity and security of a specified network. Spector Security is prepared to analyze a high volume of internal and external IP’s, while maintaining a high standard of automated and manual tests.
Spector Security is prepared to handle any client of any size. Clients will have unique needs based on the size and function of their organization. Spector Security is prepared to analyze any number of internal and external IP addresses. Most commonly, internal and external networks will be separated and priced individually based on their respective number of IP’s for each network.
The methodology will vary based on the level of assessment purchased by the client (vulnerability scan, penetration test and red team exercise). During all Spector Security assessments, the highest standards are in place to ensure the most comprehensive and thorough evaluations are conducted. A comprehensive set of protocols are in place to ensure that a high volume of manual tests are conducted on every IP address. The following attack vectors will be explored by automated and manual tests (limited not only to these topics/services):
- Service enumeration and port scanning
- Manually explore SSH, FTP, SMB and other common services that are vulnerable to attacks and misconfigurations
- Password attacks by common and custom word lists
- Pivoting and post exploitation for further enumeration and network access
Clients can expect a thorough written evaluation of the target networks with usable information that can immediately be implemented to drastically increase their network security. Reports will be finalized and delivered on an agreed upon time frame (this will vary based on the number of IP addresses in each target network). A debrief of the findings from the report is recommended and available via electronic communications or in-person upon request.