Continuous Penetration Testing
Professional penetration testers actively monitoring your network for changes, and performing advanced, manual testing against any change of service, web application, or difference in code.
Business, technology and threats are constantly changing. So why should you perform a penetration test just once a year? You shouldn't!
- Employee/Role Changes
- Mergers & Acquisitions
- New Applications
- Software Updates
- Network & Firewall Changes
- New Server Deployment
- Website & Web Application Changes
Continuous penetration testing builds on traditional external penetration testing by closing the gap between engagements. The foundation of our service is a suite of tools that perform daily automated scans. When any change is detected between scans, our team is immediately notified.
- Detection Time: 10-18+ Months -> Hours
- Changes are immediately scanned for potential vulnerabilities
- An experienced penetration tester manually evaluates the change
You provide us with your domain names and public IP ranges, and we do the rest. Share with us as much or as little as you like. The service is customizable, but we do strongly recommend starting with a thorough (and quality) penetration test.
SynerComm's penetration testers have built an automated alert system to monitor your network. We perform the following daily:
- port scans
- DNS bruteforcing
- email and user harvesting from the Internet
- spidering of websites (including snapshots of code used)
- directory bruteforcing against discovered web servers
Alerts are generated when a change is discovered. This triggers SynerComm's penetration tester to perform human-based manual testing against the discovered change.
How is this different from managed vulnerability scanning services?
- Network and vulnerability scans are just one of our detection methods
- Vulnerability scanning is not designed to detect subtle changes
- We use penetration testers (yes, real human beings)
- Even when changes don't occur, you get 1-3+ days of manual analysis each month (depending on level of service)
Example: Subdomain Takeover
- ACME Corp uses an online emailing service.
- ACME Corp has a DNS entry of emailer.acmecorp.com. This DNS entry is a CNAME (alias) for acmecorp.example.com.
- ACME Corp stops using the email service but doesn't remove the subdomain.
- An attacker signs up for the email service and chooses the same domain name (acmecorp.example.com). Now the attacker can clone ACME's website and easily impersonate ACME Corp. This allows the attacker to harvest credentials and cookies, trick ACME Corp customers, and send and receive emails as ACME Corp.
This type of vulnerability is called a subdomain takeover. It isn't discovered by automated scanners and it's something SynerComm can help you identify 24/7.
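A defender-side check for the scenario above, added here as an illustration and not part of SynerComm's tooling: walk every CNAME in a zone export and flag records whose alias chain ends at a name that no longer exists, which is the precondition for a subdomain takeover. The zone, the resolver answers and the provider hostnames are all constructed sample data; in practice `resolve` would wrap a real DNS lookup.

```python
# Dangling-CNAME detector (added example; constructed data, no network access).

# Constructed zone export: owner name -> CNAME target.
SAMPLE_ZONE = {
    "emailer.acmecorp.com": "acmecorp.example.com",    # provider tenant deleted
    "www.acmecorp.com": "acmecorp.cdn-provider.test",  # still live
    "blog.acmecorp.com": "hosted.blog-provider.test",  # chained CNAME, still live
}

# Constructed resolver answers. "NXDOMAIN" = name does not exist;
# ("CNAME", next) continues the chain; ("A", ip) terminates it.
SAMPLE_ANSWERS = {
    "acmecorp.example.com": "NXDOMAIN",
    "acmecorp.cdn-provider.test": ("A", "198.51.100.10"),
    "hosted.blog-provider.test": ("CNAME", "edge.blog-provider.test"),
    "edge.blog-provider.test": ("A", "203.0.113.7"),
}


def sample_resolve(name):
    """Stand-in for a DNS lookup; unknown names are treated as NXDOMAIN."""
    return SAMPLE_ANSWERS.get(name, "NXDOMAIN")


def find_dangling_cnames(zone, resolve, max_depth=8):
    """Return {owner: reason} for every CNAME whose chain does not end at a live record.

    resolve(name) must return "NXDOMAIN", ("CNAME", next_name) or ("A", ip).
    Loops and over-long chains are reported rather than followed forever."""
    findings = {}
    for owner, target in zone.items():
        seen = {owner}
        name = target
        for _ in range(max_depth):
            if name in seen:                       # chain revisits a name: loop
                findings[owner] = f"CNAME loop at {name}"
                break
            seen.add(name)
            answer = resolve(name)
            if answer == "NXDOMAIN":               # chain ends at a name nobody owns
                findings[owner] = name
                break
            rtype, value = answer
            if rtype != "CNAME":                   # ends at an A record: healthy
                break
            name = value
        else:
            findings[owner] = f"chain exceeds {max_depth} hops"
    return findings
```

NXDOMAIN is the clearest signal, but some hosting providers keep the target name resolving and serve a "no such site" page instead, so a complete check also needs provider-specific fingerprints of that unclaimed state.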
Example: Non-Production System Exposed to Internet
- ACME Corp forgets to remove a firewall rule after decommissioning a public web server.
- 6 months later, a web developer stands up a new server and begins pushing code. The IP address assigned to the server happens to be the same one used by the old decommissioned web server.
- A vulnerable, unpatched system is exposed to the Internet and malicious bots are continually scanning for easy targets.
- Within weeks, days, or maybe even hours, an attacker has a firm foothold inside your network.
Whether it's an inadvertently exposed server or even a new folder/page pushed to a website, SynerComm will detect it and respond with live human analysis.
SynerComm's continuous penetration testing service provides full, detailed reports on each vulnerability discovered, with descriptive remediation actions. Minor changes that don't pose risk are reported monthly. Submission into your own ticketing system is a possibility, just ask!
At the end of the year we can wrap all findings into one report to mimic the look of a point-in-time pentest. Those pesky auditors will even be impressed with the yearlong timeline of open and closed findings.
How do I know if...
…you'll get value? Easy:
AssureIT utilizes only "A-Team" players. Our penetration testers all come to us with strong backgrounds in systems administration, networking, security AND development. This well-rounded background is the basis for expertise in our consulting. Our auditors and consultants each have strong backgrounds in HIPAA, PCI, risk assessment, business continuity, and security program development.
SynerComm's penetration testers have many years of pentest experience. This expertise is shared publicly at industry conferences via talks, and online at our blog, www.shellntel.com.
Still not convinced? Give us a call, and we'll be happy to prove it any way possible.