PHYSICAL & LOGICAL/TECHNICAL SECURITY SERVICES
An organization's priority when it comes to security, whether physical, logical, or technical, is to identify where its weaknesses and vulnerabilities exist and to mitigate them to the highest degree possible before a malicious actor does. The real damages associated with a breach can be disastrous in measurable financial terms through fines, penalties, and litigation, and your firm's reputation and good standing may never recover.
RedPenSec (Red Team, Penetration, Security) offers a wide variety of cybersecurity services and options dedicated to keeping your organization’s finger on the pulse of its security stance, protecting your people, assets, and reputation.
Internal & External Vulnerability Scanning Services
Internal/external vulnerability scanning focuses on identifying host- and network-based security issues within target environments using industry-standard, open-source, and proprietary tools together with AI-powered testing methodologies.
• Identify security issues affecting accessible assets
• Identify missing patches, recommended system upgrades, and out-of-date software
• Catalog known vulnerabilities associated with an open port or running service
• Ensure compliance with approved configuration standards
Penetration & Segmentation Testing Services
Penetration testing and post-exploitation focus on the controlled exploitation of vulnerabilities in services and insecure configurations identified in the target environment using a combination of tools and techniques. This phase focuses on emulating adversaries attempting to compromise the organization by gaining unauthorized access to critical data, intellectual property, or organizational assets which could affect the confidentiality, integrity and/or availability of the business.
• Emulate real-world intrusion techniques with tailored attacks specific to the environment
• Provides a controlled adversarial simulation by attacking assets in the target environment
• Evaluates security
Segmentation testing is performed to confirm that traffic flows containing sensitive data (PAN, SAD, PHI, and PII, for example) cannot commingle with less sensitive data. Network segmentation is often used for compliance scope reduction, operational performance improvement via reduced network congestion, and malware/virus outbreak containment.
Technologies tested often include:
• VLANs (Virtual Local Area Networks)
• Firewall Configurations
• ACLs (Access Control Lists)
• Router & Switch Configurations
Physical Security Assessments/Audits & Physical Penetration Testing
Physical Security Assessments/Audits, as indicated by the name, focus on physical security controls (versus logical). RedPenSec uses a comprehensive, best practices methodology to pinpoint gaps in controls meant to protect your organizational assets.
Physical Security Assessments/Audits are on-site engagements, domestic and/or international, covering some of the following (this is not an exhaustive list by any means):
• Physical Security Policies & Procedures
• Physical Security Access/Controls (RFIDs, locks/latches, doors, gates, fences, roof access, terrain, landscaping, barricades, turnstiles, windows, docks/waterside access, mantraps, hinges/hardware, and tailgating, for example)
• Video Surveillance & Monitoring (logging/backup, adequate coverage & resolution)
• Vehicle Inspection
• Vehicle Access
• Defense in Depth (DiD) for Core Assets
• Break & Blast Resistant Glass
• Equipment/Critical Assets Security (utilities, HVAC/air intakes, control/communications rooms/wiring closets, POS systems/Point of Interaction (POI) devices/servers)
• Alarms & Sensors
Note: Physical & Logical Audits can be assessed together and will include additional elements.