infrastructure penetration testing
Overview
An Infrastructure Penetration test uncovers vulnerabilities residing within your infrastructure and provides a detailed attack narrative to help evaluate the impacts of each finding. Packetlabs’ Infrastructure Penetration Testing methodology is 95% manual and is derived from the SANS Pentest Methodology, the MITRE ATT&CK framework for enterprises, and NIST SP800-115 to ensure compliance with most regulatory requirements.
Why would your organization need to do Infrastructure Penetration Testing?
Stay compliant by fulfilling all your compliance objectives:
- Fulfillment of compliance objectives includes: PCI DSS, SOC2, FedRAMP, ISO27001, MPA
- Meet cyber insurance requirements
Find vulnerabilities residing in IT systems, applications, or network components:
- Each finding is documented to describe an attack narrative to illustrate the potential risk.
- Go beyond a vulnerability assessment to identify the techniques attackers would take to breach sensitive information.
Protect access to sensitive information by finding weaknesses others overlook
- Go beyond a vulnerability assessment to identify the techniques attackers would take to breach sensitive information.
- Identify any external exposures that could lead to internal access
- Identify the risk to legacy protocols and weak credential hygiene that lead to system and domain compromise
Service Highlights
- Network Security – Check for legacy network protocols that are used by attackers to pivot and elevate privileges.
- System Configuration – Identify gaps in your golden images to allow for further hardening.
- OS and Third Party Patching – Check for gaps in your vulnerability management program.
- Client-Side Protection
- Authentication
- Database Security
- In-depth approach to provide a holistic report
- Reports with Risk Rating Scale