PHYSICAL & LOGICAL/TECHNICAL SECURITY SERVICES

An organization's priority when it comes to security, whether it be physical, logical, or technical, is to identify where its weaknesses and vulnerabilities exist and to mitigate them to the highest degree possible before a malicious bad actor does. The real damages associated with a breach can be disastrous in measurable financial terms through fines, penalties, and litigation, but the cost to your firms' reputation and good-standing may not recover.  

RedPenSec (Red Team, Penetration, Security) offers a wide variety of cybersecurity services and options dedicated to keeping your organization’s finger on the pulse of its security stance, protecting your people, assets, and reputation.   

 

Contact us for a complimentary one-hour consultation.

B&W Coding Image Services Image.jpg

Internal & External Vulnerability Scanning Services 

Internal/External Vulnerability scanning focuses on identifying host and network-based security issues within target environments using a combination of industry standard, open-source, and proprietary tools combined with AI powered testing methodologies. 

 

• Identify security issues affecting accessible assets 

• Identify missing patches, recommended system upgrades, and out-of-date software 

• Catalog known vulnerabilities associated with an open port or running service 

• Ensure compliance with approved configuration standards 

B&W Coding Image Services Image.jpg

Penetration & Segmentation Testing Services 

Penetration testing and post-exploitation focus on the controlled exploitation of vulnerabilities in services and insecure configurations identified in the target environment using a combination of tools and techniques. This phase focuses on emulating adversaries attempting to compromise the organization by gaining unauthorized access to critical data, intellectual property, or organizational assets which could affect the confidentiality, integrity and/or availability of the business. 

 

• Emulate real-world intrusion techniques with tailored attacks specific to the environment 

• Provides a controlled adversarial simulation by attacking assets in the target Environment 

• Evaluates security 

 

Segmentation Testing is performed to verify/confirm that traffic flows that contain sensitive data (PAN, SAD, PHI & PII for example) are not able to co-mingle with less sensitive data.  Network segmentation is often used for compliance scope reduction, operational performance improvement via reduced network congestion, and malware/virus outbreak containment.   

​Technologies tested often include: 

• VLANs (Virtual Local Area Networks)

• Firewall Configurations

• ACLs (Access Control Lists)

• Router & Switch Configurations  

• Microsegmentation    

B&W Coding Image Services Image.jpg

Physical Security Assessments/Audits & Physical Penetration Testing 

Physical Security Assessments/Audits, as indicated by the name, focus on physical security controls (versus logical).  RedPenSec uses a comprehensive, best practices methodology to pinpoint gaps in controls meant to protect your organizational assets. 

 

Physical Security Assessments/Audits are on-site engagements, domestic and/or international, covering some of the following (this is not an exhaustive list by any means): 

• Physical Security Policies & Procedures 

• Physical Security Access/Controls (RFIDs, locks/latches, doors, gates, fences, roof access, terrain, landscaping, barricades, turnstiles,     

  windows, docks/waterside access, mantraps, hinges/hardware, and tailgating, for example) 

• Illumination/Lighting 

• Video surveillance & Monitoring (logging/back-up, adequate coverage & resolution) 

• Patrolling 

• Vehicle Inspection 

• Vehicle Access 

• Defense in Depth (DiD) for Core Assets  

• Break & Blast Resistant Glass 

• Equipment/Critical Assets Security (utilities, HVAC/Air Intakes, control/communications rooms/wiring closets, POS Systems/Point of

   Interaction Devices (POI)/Servers) 

• Alarms & Sensors 

 

Note: Physical & Logical Audits can be assessed together and will include additional elements.