The founders of Prometheus Global were pioneers in the field of Penetration Testing in the early 1990s. In turn, they have imparted their methodologies, techniques and knowledge to a new generation of engineers who have embraced the latest in security technologies. The marriage of this knowledge with these technologies has resulted in an unparalleled depth of experience and expertise in Penetration Testing.
Prometheus Global understands that data security is about more than just technical controls. This is why our Penetration Testers are also trained in Social Engineering attack techniques. We will employ the same tools and methods that malicious outsiders would use against your organization. For example, methods such as dumpster diving, social engineering, physical access compromise and 'simulated sabotage' would be utilized. While these techniques may seem extreme, it is important to remember: "Bad guys don't follow rules, and they don't play nice."
Before we test your network, we provide you with a fully documented test plan and work with you to find an acceptable level of exploitation, and define Rules of Engagement for the operation. We will notify you immediately if the test results include any critical security flaws or any other event that would require emergency intervention on your network. After completion of the Penetration Test, Prometheus Global's Security Engineers will report the findings to management and technical personnel, illustrating the techniques, analysis, and results of the assessment. The report covers:
- Executive summary
- Technical vulnerability report
- Network design weaknesses
- Process weaknesses
- Other security weaknesses
- Recommended mitigation/remediation measures
- Other recommended actions on maintaining a secure network environment
The ever-increasing volume, complexity and sophistication of attacks on organizations require that you maintain constant vigilance in all aspects of data protection. We work with you to determine the appropriate frequency for penetration testing to ensure that your network and information are protected from new sources and types of malicious attacks.
NOTE: The goal of a Penetration Test is to break into a network. To do so, Prometheus Global's engineers must necessarily pose temporarily as bad actors. Truly bad actors are not constrained by client requirements, uptime issues or proper authorization. While Prometheus Global takes careful measures to avoid any negative impact while posing as bad actors, the attack tool set and techniques necessarily become more direct, and the risk of negative impact rises. Another way of viewing the process is thus:
| Prometheus | Client | RISK |
|---|---|---|
| Cooperative | Cooperative | Low |
| Cooperative | Hostile | |
| Hostile | Cooperative | |
| Hostile | Hostile | High |
The vast majority of Security Posture Assessments fall into the top category, Cooperative-Cooperative, with some elements of Cooperative-Hostile. Penetration Testing normally falls into the bottom two categories, where Prometheus Global assumes a hostile posture and utilizes a larger and more ‘unfriendly’ tool set, up to and including denial-of-service tools. Some of the techniques utilized by Prometheus Global are large-scale packet manipulation, Layer 2 protocol manipulation, buffer overflows, SQL injection, social engineering, spear-phishing, and other techniques considered ‘hacker’ activities. These practices carry an element of risk which may not be suitable for certain organizations, in which case we recommend a Security Posture Assessment using industry-standard tools and techniques as an alternative.