Hitachi

Contact Us
Your menu is empty or not selected! How to config a menu
Contact Us
Contact Us
Home Penetration Testing

Penetration Testing

Penetration testing (also called “pentesting”) includes network penetration testing, social engineering, application assessment as well as controls and processes around the networks and applications. This should occur from both outside and inside the network.

Penetration or intrusion tests simulate a real attack against your infrastructure in a controlled environment, allowing our certified consultants to evaluate your system’s capacity and provide you with recommendations on how to improve your defense against technological vulnerabilities that can lead to intrusions, fraud and service interruptions.

Access Our Penetration Testing Brochure
Strengthen your network security with a vulnerability assessment. Request a free quote.

Penetration Testing Pricing

Need to get a quote for a pentest?

Why Conduct a Pentest?

A Pentest will help you:

security shield

Protect your Corporate & Customer Information

null

Comply with Industry & Government Regulations

locks

Preserve your Organization’s Integrity & Reputation

Pentest Methodology

We understand that a proven methodology is key to performing a successful pentest. That’s why our pentests are based on the Penetration Testing Execution Standard (PTES) methodology, which establishes common tools, techniques and elements to be covered. The PTES methodology is based on 7 distinct steps that are recommended for each penetration testing engagement.

When to Perform a Pentest

Many organizations will conduct a penetration test because they may suspect or know that they have already been hacked and now want to find out more about the threats to their systems in order to reduce the risk additional attacks. Conversely, an organization may also be proactive and want to know in advance about any threats that face their organization as a whole or a new system before it goes live.

Common scenarios include application launches, major changes or updates and compliance regulations.

Steps Performed during a Pentest

null

Pre-engagement Interactions

Our project management team will begin the client engagement with a conference call, web conference or meeting (the kickoff meeting) to review logistical and tactical details that will be required knowledge throughout the engagement.
null

Intelligence Gathering

Prior to any active assessment activity against a client, our security analysts will gather all necessary information to perform a thorough assessment. Depending on the type of assessment, multiple information-gathering approaches may be taken, e.g. open-source intelligence gathering or internal data gathering.
null

Threat Modeling

The objective of the threat modeling exercise is to understand the impact of technical network-related threats to the business. This high-level exercise is not as complete and thorough as an exhaustive threat risk assessment, but the resulting threat profile will help us ensure that the technical testing considers threats that may have a high impact on business operations.
null

Vulnerability Analysis

During the vulnerability analysis, we will perform manual or automated vulnerability scans to identify vulnerabilities in your in-scope environment. Then, we will conduct a scanning validation exercise to identify false positives and items that require manual validation. Network traffic captured through passive gathering tools is reviewed for information leakage through clear text protocols. Once the environment has been mapped and individual device profiles created, security analysts begin the search for vulnerabilities that may allow system compromise, or information disclosure that will aid in compromising another system.
null

Exploitation

During the exploitation phase, we will perform the actual penetration test and will attack the systems if a potentially viable method of exploitation exists. As every engagement is different, identifying an exact attack methodology prior to this phase of the engagement is not practical.
null

Post Exploitation

The objective of the post-exploitation phase is to determine the value of the compromised asset(s) and attempt to maintain control of the machine for later use. We will identify and document sensitive data, identify configuration settings, communication channels, and relationships with other network devices that can be used to gain further access to the network, and setup one or more methods of accessing the machine at a later time. The methods of post-exploitation include infrastructure analysis, pillaging, high value/profile targets and data exfiltration. The phase is completed with a cleanup process to remove all traces of the penetration testing, such as backdoors or rootkits.

Steps Performed during a Pentest

null

Pre-engagement Interactions

Our project management team will begin the client engagement with a conference call, web conference or meeting (the kickoff meeting) to review logistical and tactical details that will be required knowledge throughout the engagement.
null

Intelligence Gathering

Prior to any active assessment activity against a client, our security analysts will gather all necessary information to perform a thorough assessment. Depending on the type of assessment, multiple information-gathering approaches may be taken, e.g. open-source intelligence gathering or internal data gathering.
null

Threat Modeling

The objective of the threat modeling exercise is to understand the impact of technical network-related threats to the business. This high-level exercise is not as complete and thorough as an exhaustive threat risk assessment, but the resulting threat profile will help us ensure that the technical testing considers threats that may have a high impact on business operations.
null

Vulnerability Analysis

During the vulnerability analysis, we will perform manual or automated vulnerability scans to identify vulnerabilities in your in-scope environment. Then, we will conduct a scanning validation exercise to identify false positives and items that require manual validation. Network traffic captured through passive gathering tools is reviewed for information leakage through clear text protocols. Once the environment has been mapped and individual device profiles created, security analysts begin the search for vulnerabilities that may allow system compromise, or information disclosure that will aid in compromising another system.
null

Exploitation

During the exploitation phase, we will perform the actual penetration test and will attack the systems if a potentially viable method of exploitation exists. As every engagement is different, identifying an exact attack methodology prior to this phase of the engagement is not practical.
null

Post Exploitation

The objective of the post-exploitation phase is to determine the value of the compromised asset(s) and attempt to maintain control of the machine for later use. We will identify and document sensitive data, identify configuration settings, communication channels, and relationships with other network devices that can be used to gain further access to the network, and setup one or more methods of accessing the machine at a later time. The methods of post-exploitation include infrastructure analysis, pillaging, high value/profile targets and data exfiltration. The phase is completed with a cleanup process to remove all traces of the penetration testing, such as backdoors or rootkits.
Network Traffic Analysis (optional)
Vulnerability Scanning, including filtering false positives
Network Infrastructure Review (optional)
Production of a final Vulnerability Report
Scanning Validation
Vulnerability Research
Network Traffic Analysis (optional)
Vulnerability Scanning, including filtering false positives
Network Infrastructure Review (optional)
Scanning Validation
Production of a final Vulnerability Report
Vulnerability Research

Pentest Deliverables

The deliverable of a penetration test is a detailed report, including all test findings as well as the necessary countermeasures and recommendations to secure your IT infrastructure. If needed, our team can also prepare a presentation of the results to your IT team or executive team.

Executive Summary

The executive summary describes your overall security posture and indicates items that require immediate attention.

Technical Review

The technical review outlines the activities performed to determine vulnerabilities and the results of the activities conducted when attacking target systems, including the methodologies used.

Vulnerabilities & Exploits

We will provide a detailed list of the vulnerabilities discovered as well as their exploits, listed in order of criticality.

Recommendations

To optimize protection of the assets identified in the report, we will provide a series of actionable recommendations to strengthen your security posture.

Appendix

The appendix section usually captures tool outputs, screenshots, or other data that helps give greater context or clarification about the vulnerabilities detected.

play arrow

What is Penetration Testing?

Our Expertise as Penetration Testing Service Provider

We are proud to work with a team of security professionals who are not only super passionate about security, but also highly qualified. Here’s an overview of our team’s many security certifications:

CBCP: Certified Business Continuity Professional

CCNA: Certified Cisco Network Associate

CCSE: Check Point 2000 – Management II

CEH: Certified Ethical Hacker

CGEIT: Certified in the Governance of Enterprise IT

 CISA: Certified Information Systems Auditor

CISM: Certified Information Systems Manager

CISSP: Certified Information Systems Security Professional

COBIT5 Implementation Certified

CRISC: Certified in Risk and Information Systems Control

CSSLP: Certified Secure Software Lifecycle Professional

ECIH: EC-Council Certified Incident Handling

GCIA: GIAC Certified Intrusion Analyst

GCIH: GIAC Certified Incident Handling

GIAC: Global Information Assurance Certification

GSEC: GIAC Security Essential Certification

PCI-QSA: PCI, Qualified Security Assessor

ISO 27001: Lead Auditor de la norme ISO pour les SGSI

ISO20000 & ISO27001 Professional Certified

OSCP: Offensive Security Certified Professional

Why Project Management is Important

The success of a penetration test will depend on whether you manage it as a distinct project. At Hitachi Systems Security, we have defined project management processes and methodologies in place to ensure that your pentest project is executed to your satisfaction.

Our Project Management Office is run by certified Project Management Professionals (PMP)®, who have the necessary expertise and experience with managing penetration testing projects. Together with our clients, they will ensure to keep your pentest on track and within budget, manage your expectations and ensure quality deliverables at the end of the project.

Vulnerability Assessments Services Benefits

Reduce Costs Associated with Network Downtime

Avoid network downtime and the costs associated with it by discovering vulnerabilities and eliminating them.

Manage Vulnerabilities Using Greater Intelligence

Understand your vulnerabilities by gaining insights into why they occur and how to remove them. Analyze and rank exploitable weaknesses based on their potential impact and likelihood of occurrence.

Preserve Corporate Image and Customer Loyalty

Any downtime or missteps can be harmful to an organization’s image. Penetration testing finds vulnerabilities before they become problems.

Improved Compliance

Ensure you are in compliance with customer and shareholder requirements, regulations and standards. We can help you comply with major regulations such as SOX, PCI, NERC/ CIP, SAS70/SSAE16, HIPAA, ISO, and more.

Talk to a security specialist

Protect your business today