CBI’s penetration testing service actively exploits architectural weaknesses and configuration vulnerabilities to evaluate your security posture against probable threats. The review can be performed from an internal perspective, an external perspective, or both, depending on your requirements and desired outcomes. A penetration test is deeper and more targeted than a vulnerability assessment. CBI will risk-rank the findings and provide an executive overview and technical guidance for remediation. CBI’s penetration testing methodology is aligned with NIST SP800-115 and the Penetration Testing Execution Standard (PTES). Traditional penetration testing that amounts to just “breaking in” to the environment doesn’t provide the value and insight required. We can help you evaluate the effectiveness of your security controls during a real-world attack. CBI goes beyond the conventional exploitation tactics used by traditional firms. Our approach is to develop engagement-specific attack scenarios that leverage automated and manual techniques.
CBI’s vulnerability assessment service reviews applications, systems, and networks for software and configuration vulnerabilities that could lead to a security incident. The review can be performed from an internal perspective, an external perspective, or both, depending on your requirements and desired outcomes. The result is increased awareness among IT professionals and a decreased attack surface at the system level. CBI will risk-rank your findings and provide an executive overview and technical guidance for efficient remediation. Your baseline vulnerability assessment will establish your levels of risk to ultimately provide a security roadmap for enhanced protection. CBI’s vulnerability assessment methodology is aligned with NIST SP800-115.
Do you need your web and mobile applications tested? CBI’s application security assessment reviews custom-developed software for code-level and design-level vulnerabilities. CBI uses advanced techniques leveraging a manual testing approach by former web developers turned penetration testers. The result is increased awareness among software development professionals and a decreased attack surface at the application level. CBI will risk-rank your findings and provide an executive overview and technical guidance for remediation. Our vulnerability assessment methodology is aligned with NIST SP800-115 and the Penetration Testing Execution Standard (PTES).
Attackers have learned that if they can convince an authorized person to provide them access, they can pivot to execute software, extract confidential information, or otherwise cause a breach. The attack vector is commonly known as “social engineering” and CBI’s social engineering assessment evaluates an organization’s readiness against such tactics. Our specialized assessment may include specifically crafted email messages and telephone calls designed to obtain private corporate information or access to corporate assets. We will execute these campaigns, record the results, and provide an after-action report that details current awareness and provides recommendations for improving your security posture. CBI’s social engineering assessment methodology is aligned with NIST SP800-115 and the Penetration Testing Execution Standard (PTES).
Today’s attacks are silent in nature, inexpensive to organize, and can be launched anonymously from anywhere in the world with one simple goal: capture your organization’s technology resources for malicious use. These attacks are becoming harder to combat unless you have deep visibility into your network. CBI developed a compromise assessment service to provide you with immediate results on potential malicious activities. This assessment provides detection capabilities that give you early warnings and details on emerging and potential threats, including target and attacker IPs. It determines the volume of malicious activity on your network, detects compromised endpoints, and provides rapid remediation recommendations with prescriptive prioritization. As a result, you can see and stop malicious activity before disruption, downtime, data exposure, and loss occur.
CBI’s ICS assessment service is designed to evaluate your OT systems and their connected ICS infrastructure. These evaluations will provide the data needed to create a list of recommendations to address your OT security-related vulnerabilities. The results of the assessments will also draw from the applicable IT controls as outlined in NIST 800-82 Industrial controls. The NIST 800-82 ICS security controls framework includes management, operational, and technical components.
Traditional penetration testing can be archaic and may not provide all the information you need to know you are secure. CBI’s Red Team service emulates the various attack paths that an advanced malicious adversary or nation-state attacker would pursue. Our services leverage a non-intrusive, “any means possible” (AMP) approach that focuses on the assets in the organization that are most critical to your operations and viability. Our passionate team of experts will work to exploit external services, social engineering attacks, physical access, and many other tactics.
CBI’s Red Team SOC Services help your security operations teams enhance their threat hunting capabilities. This service pairs a threat hunting expert with your security operations team to help analyze, correlate, and alert on all the attack paths the Red Team is conducting. This results in a more informed view of probable attack vectors, combined with actionable data that will help you identify and contain future threats.
CBI’s Physical Security Assessment service exploits vulnerabilities in physical controls such as building security, locked offices, data centers, vaults, and other secured locations. CBI will document the findings and present recommendations on improving your physical security around key assets. Our testing leverages realistic and probable attack vectors such as social engineering, piggybacking, and RFID badge hacking/cloning. These services will identify improvement opportunities with physical security controls such as CCTV, entry/exit procedures, security awareness, and physical access control systems. Additionally, we can help you capture and leverage video where needed.