Rapid Hybrid Pentest

Validating control effectiveness, one exploit at a time...

Penetration testing is a crucial process in the assessment and validation of an information security program. While vulnerability testing identifies potential weaknesses, it does not provide enough context to make sound risk management decisions. When combined with penetration testing, information security professionals get the proof or validation they need. When done thoroughly and methodically, penetration testing can be an excellent method to validate the capabilities of critical security controls. SynerComm's Rapid Hybrid Pentest maximizes actionable results while minimizing time and expenses.

What is a Rapid Hybrid Pentest?

Using non-malicious exploits and infected documents, the Rapid Hybrid Pentest validates the effectiveness of the controls protecting end-user systems. The process includes delivering live exploits to potentially vulnerable applications and operating systems to determine which security controls are effective at preventing real attacks. The Rapid Hybrid Pentest is designed to test network-based web security controls, email security controls and host-based security controls. To assure the validity of the results, the Rapid Hybrid Pentest targets the most common vulnerabilities and their associated applications.

Target Operating Systems and Applications

  • Microsoft Windows (XP, 7, 8/8.1, 10)
  • Microsoft Office
  • Java
  • Adobe Flash
  • Adobe Acrobat and Reader
  • Internet Explorer

Controls Evaluated

  • Threat Prevention Firewalls
  • Web Gateways and Proxies
  • Email Gateways (On-Premise/Cloud)
  • Network Anti-Virus
  • Intrusion Prevention Systems
  • Host-Based AV, Whitelisting, EMET, DEP

How it Works:

SynerComm’s Rapid Hybrid Pentest is offered as a Professional Service and a SaaS Application. The professional service was designed for clients with limited IT staff or for those requiring an evidence-based audit report. The SaaS Rapid Hybrid Pentest application was designed as a self-service portal for clients with an information security background who wish to test and evaluate their own controls. During a test, our clients monitor the consoles and logs of their firewall, intrusion prevention, anti-virus, email gateway and web gateway to validate which controls (if any) detect or prevent each attack.

Features:

Regardless of whether you run the test yourself through our online application or through our professional services, your Rapid Hybrid Pentest report will include:

  • An executive summary of the testing scope along with high-level findings and conclusions
  • A table containing the results for each control tested against each exploit attempted
  • An appendix containing descriptions for each exploit including its CVE number

Questions Answered:

Ultimately, a Rapid Hybrid Pentest report will answer these questions:

  • Could a system with unpatched vulnerabilities actually be exploited?
  • Could a successful exploit provide an attacker with access to my systems, data or network?
  • Do my controls (anti-virus, intrusion prevention, email filter, web filter) actually work?

SynerComm's Rapid Hybrid Pentest validates controls at multiple key points on your network. It also educates security professionals on what real attacks look like as they pass through their controls!

We also perform traditional penetration tests and other security auditing services. For information on other AssureIT services, please visit our AssureIT page.

For more information contact SynerComm at (262) 373-7100 | CustomerCare@synercomm.com
