Digital Forensics & Incident Response Strategic Services Advanced Testing Services
Advisory Services
Advanced Testing Services
  • Proactively understand evolving attacker motivations and approaches
  • Immediately identify weakness in your systems or procedures
  • Engage with intelligence, innovate without risk and mature your program over time
  • Enhance your detection and response capabilities with reliable, accessible, highly-trained experts
Penetration Testing

CBI’s penetration testing service actively exploits architectural weaknesses and configuration vulnerabilities to evaluate your security posture against probable threats. The review can be performed from an internal perspective, an external perspective, or both depending on your requirements and desired outcomes. A penetration test is deeper and more targeted than a vulnerability assessment. CBI will risk-rank the findings and provide executive overview and technical guidance for remediation. CBI’s penetration testing methodology is aligned with NIST SP800-115 and the Penetration Testing Execution Standard (PTES). Traditional penetration testing of just “breaking in” to the environment doesn’t provide the value and insight required. We can help you evaluate the effectiveness of your security controls during a real-world attack. CBI goes beyond the conventional exploitation tactics used by traditional firms. Our approach is to develop engagement-specific attack scenarios that leverage automated and manual techniques.

View Case Studies
A Large Financial Institution Needed More Than Traditional Penetration Testing
Large Automotive Supplier Needed Expert Help Protecting Its Perimeter

“The CBI team did very well helping Centria with the Pen Test. I appreciate the Red Team Manager taking the time to talk to the C level about how critical the finding was while he was on site.

Thank you to our Sales Rep for being a call away for anything that we needed.”

Steve Mavashev | Team Lead
Centria Healthcare, LLC
Experiencing the CBI Effect for 1 year

“Every person on CBI’s team was fantastic to work with. They have provided us with some invaluable insight. Working through an audit is challenging enough in normal circumstances, but to do it during a pandemic with every person being in remote locations takes this to a different level of challenging. The CBI team performed extremely well with the additional challenges of us all being remote. I will highly recommend CBI and your services to other companies.”

Dan Wasson | Manager
Northwestern Michigan College
Experiencing the CBI Effect for 1 year

Phishing Attack Simulation

Attackers have learned that if they can convince an authorized person to provide them access, they can pivot to execute software, extract confidential information, or otherwise cause a breach. The attack vector is commonly known as “social engineering” and CBI’s social engineering assessment evaluates an organization’s readiness against such tactics. Our specialized assessment may include specifically crafted email messages and telephone calls designed to obtain private corporate information or access to corporate assets. We will execute these campaigns, record the results, and provide an after-action report that details current awareness and provides recommendations for improving your security posture. CBI’s social engineering assessment methodology is aligned with NIST SP800-115 and the Penetration Testing Execution Standard (PTES).

Red Team Testing

Traditional penetration testing can be archaic, and not provide all the information you need to know you are secure. CBI’s Red Team service emulates the various different attack paths that an advanced malicious adversary or nation state attacker would conduct. Our services leverage a non-intrusive by “any means possible” (AMP) approach, that focuses on the assets in the organization that are most critical to your operations and viability. Our passionate team of experts will work to exploit external services, social engineering attacks, physical access, and many other tactics.

Physical Security Assessment

CBI’s Physical Security Assessment service exploits vulnerabilities in physical controls such as building security, locked offices, data centers, vaults, and other secured locations. CBI will document the findings and present recommendations on improving your physical security around key assets. Our testing leverages realistic and probable attack vectors such as social engineering, piggy backing, and RFID badge hacking/cloning. These services will identify improvement opportunities with physical security controls such as CCTV, entry/exit procedures, security awareness, and physical access control systems. Additionally, we can help you capture and leverage video where needed.

“It was great to work with a company that said what they were going to do for us, and then did it – on time and within the parameters of the SOW. Super easy to work with and very flexible and responsive to any questions or requests from us.”

Christine Buckingham | Team Lead
Nexteer Automotive
Experiencing the CBI Effect for 1 year

Remote Access Assessment

In a time of social distancing, the world of business is changing rapidly. While we all work together to flatten the curve, CBI is ready to help you get ahead of it, with our Remote Access Assessment.

With more employees working remotely, executives are concerned about fending off cyberattacks and ensuring system performance and availability, all while defending their employees, customers and data. CBI’s Remote Access Assessment follows NIST best practice frameworks to help companies test the security effectiveness of remote access controls. Our comprehensive advanced testing and evaluation will help you to understand your remote risk, ensure best practices are being followed, validate effectiveness of your current controls, identify scalability and licensing concerns and provide recommendations to make changes quickly.

Learn More

Vulnerability Scanning

CBI’s vulnerability assessment service reviews applications, systems, and networks for software and configuration vulnerabilities that could lead to a security incident. The review can be performed from an internal perspective, an external perspective, or both depending on your requirements and desired outcomes. The result is increased awareness among IT professionals and a decreased attack surface at the system-level. CBI will risk-rank your findings and provide an executive overview and technical guidance for efficient remediation. Your baseline vulnerability assessment will establish your levels of risk to ultimately provide a security roadmap for enhanced protection. CBI’s vulnerability assessment methodology is aligned with NIST SP800-115.

Web & Mobile Application Testing

Do you need your web and mobile applications tested? CBI’s application security assessment reviews custom-developed software for code-level and design-level vulnerabilities. CBI uses advanced techniques leveraging a manual testing approach by former web developers turned penetration testers. The result is increased awareness among software development professionals and a decreased attack surface at the application-level. CBI will risk-rank your findings and provide executive overview and technical guidance for remediation. Our vulnerability assessment methodology is aligned with NIST SP800-115 and the Penetration Testing Execution Standard (PTES).

I Need To...