Traditional penetration tests and assessments focus on a particular discipline, such as technical controls, physical security, policy compliance or social engineering. Because attackers do not limit their attacks to a single discipline, neither does TraceSecurity’s Advanced Persistent Threat (APT) Assessment. The service is a comprehensive assessment that tests the ability to exploit multiple attack vectors in a realistic, multi-discipline engagement. In a controlled exercise, a TraceSecurity Information Security Analyst mimics the actions of an actual attacker and identifies any weaknesses that could lead to the unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).

The Compliance Overview

IT security and compliance regulations and guidelines, such as GLBA, FFIEC, HIPAA, NCUA and FDIC, require organizations to conduct independent tests of their information security and compliance programs. In addition to regular security assessments, best practices recommend that organizations perform penetration tests to ensure the security of their information systems and critical data.
The APT assessment is realistic and fulfills several testing objectives simultaneously, all while reducing cost and delivery time compared to identical, individual services.

The TraceSecurity Solution

Attackers employ a variety of techniques to create a synergistic attack, and it only takes one successful exploit to enable further attacks. TraceSecurity’s APT assessment examines and tests your organization’s controls at multiple layers: technical controls, personnel and procedural controls, and physical controls. Tests are designed to identify any weaknesses that could be used by external attackers to disrupt the confidentiality, availability, or integrity of the organization’s data and information systems. Once identified, you are able to address each weakness.

TraceSecurity's Security Testing Methodology:

  • Scope and rules of engagement
  • Organizational intelligence gathering
  • External network scanning
  • Network mapping
  • System and services vulnerability testing
  • Analysis and identification of attack vectors
  • Exploit testing and penetration attacks
  • External social engineering attacks (technical and non-technical)
  • Onsite social engineering attacks
  • Physical security circumvention testing
  • Immediate notification of critical risks

Results are provided in an extensive report containing:

  • Project overview
  • Test methodologies
  • Executive summary
  • Business and technical risks and recommendations
  • Exploitation results listed by risk and area of concern
  • Details and exposure of vulnerabilities
  • Appendix

