Security Consulting Services

Helping Identify Exposures and Assessing Business Implications

DOWNLOAD PDF

Do You Know if You're Vulnerable?

On average, companies that never pen-test have over 20 vulnerabilities, and the scarier news might be that those vulnerabilities are left open for an average of 431 days! Also, with 78% of all companies studied having at least one vulnerability, how confident are you about your security?

 

More Than Just Penetration Testing

Security Consulting Services (SCS) is a complete service provided by Core Security to ensure that vulnerabilities are minimized and that your defenses are running in top shape by offering the following:

  • Red Team 
  • Penetration Testing 
  • Software Security Assessment 
  • Attacker’s Tactics and Techniques 
  • Actionable and easy-to-follow results

With SCS it’s easy to assist security professionals with security decisions, evaluate and measure cyber risks, and meet compliance, all while providing an additional proof point of security.

 

Data That's Useful

Testing is useless unless it achieves actionable results. With SCS you get reports written by experts that highlight key data and exactly how targets were compromised as well as recommendations on best practices.

 

SCS Services Offered

Red Team 

Testers use all the industry leading tools and methods real hackers user to evade detection while discovering exploitable areas of the network, applications, credentials, and devices.

Scope
Networks, applications, users, and any vector an attacker is likely to take advantage of.

Actors
Consultants mimicking attacker’s techniques and tactics. Liaison with internal security team is optional.

Objectives
Simultaneously test for vulnerabilities while also testing for defense readiness of the internal security team.

Outcomes

  • Identify vulnerabilities exploited and attack paths 
  • Description of techniques and tactics
  • Level of readiness of your defense team
  • Fixes and mitigations

 

Penetration Test

Evaluate the resilience of your organization against real-world attacks. Consultants will find and exploit vulnerabilities to get access to privileged systems and information.

Scope
Enumerate components and systems. Networks, applications, and users are usual targets.

Actors
Consultants mimicking attacker’s techniques.

Objectives
Think of worst case scenarios:

  • Cloud admin creds stolen 
  • IP documents extracted

Outcomes

  • Identify vulnerabilities exploited and attack paths 
  • Description of techniques and tactics 
  • Fixes and mitigations

 

Software Security Assessment

Assess the security of an application or group of applications and their ability to resist attacks. Evaluate your defensive programming practices.

  • Assess a system or groups of systems that are logically connected and cooperate to provide business functionality
  • Find as many vulnerabilities as possible 
  • Evaluate the code quality in terms of security 
  • Create running proof-of-concepts of the findings

 

What Does SCS Test?

SCS tests 5 major areas of security: applications, security awareness, likelihood of attack, cloud infrastructure, and networked device security.

Determine if an Application is Secure

  • Mobile, web desktop
  • Built in-house, by third party, or customized

Security Awareness

Understand the level of security awareness of the organization against phishing attacks.

  • Targeted phishing campaign
  • Defense readiness
  • User awareness

Likelihood and Impact of an Attack

Determine the likelihood of an attacker compromising the network and the impact it would have.

  • External facing
  • Corporate
  • Wireless

Cloud Infrastructure

Determine the security posture of any cloud based infrastructure.

Networked Device Security

Determine if networked devices are secure.

  • Cameras
  • VoIP phones
  • Networked speakers
  • Sensing and monitoring
  • Devices
  • Gateway
  • Data engines
  • Applications
  • Internet of things