TraceSecurity is a leading provider of Internal and External Penetration Tests

Security Assessment Risk Assessment IT Security Audit Penetration Testing Social Engineering Application Testing Wireless Assessment Security Training

Products

Regulatory Compliance Software – TraceCompliance Manager Risk Management Software – Trace Risk Manager IT Audit Management Software – Trace IT Audit Manager Compliance Monitoring Software – TraceComply Vulnerability Scanner – TraceAssess Policy Management Software – TracePolicy Training Software – TraceTrain Security Awareness Program Information Security Policy Development TSCM Implementation Program Security Compliance Tools

Secure Communications – TraceTunnel Multi-Factor Authentication – TraceAuthenticate

Industries

Credit Union Banking General Business / Retail Education Government Healthcare Electric Power

Resource / Media Center

In the News Events Webcasts Educational Articles Customer Successes Whitepapers Press Releases Video Testimonials Security Awareness Toolkit

Company

Overview Management Board Contact Us Partners Associations Careers Support

Penetration testing is one of the oldest, most trusted methods used for assessing security risks. Because the process is designed to simulate a real-world attack using the tools and techniques employed by actual hackers, the primary reason organizations will conduct a penetration test is to find and fix vulnerabilities before a criminal does.

TraceSecurity offers multiple penetrations tests, including:

Internal Penetration Test

Compliance Overview

IT Security Compliance regulations and guidelines (GLBA, FFIEC, HIPAA, NCUA, FDIC ETC) require an organization to conduct independent testing of the Information Security Program, to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).

Best Practices recommend that each organization perform an Internal Penetration Test in addition to regular Security Assessments in order to ensure the security of their internal network.

Solution Overview

An Internal Penetration Test mimics the actions of an actual attacker exploiting weaknesses in network security without the usual dangers. This test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability, or integrity of the network, thereby allowing the organization to address each weakness.

TraceSecurity can perform this testing both onsite or remotely.

An Internal Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed.

TraceSecurity’s Internal Penetration Test follows documented Best Practices security testing methodology including:

Scoping & Rules of Engagement

Analysis & Identification of Attack Vectors

Exploit Testing and Penetration Attacking

Immediate Notification of Critical Risks

TraceSecurity’s Internal Penetration Test also includes limited access to the TraceAssess and TraceReport products of TraceCompliance Manager. TraceAssess provides on-demand vulnerability scanning of your network. TraceReport allows reports to be generated as needed for both executive/board level and technical staff.

The internal penetration test results are provided in an extensive report containing:

Penetration Test Methodology

Executive Summary

Business & Technical Risks and Recommendations

Exploitation Results Listed by Risk and Areas of Concern

Details and Exposure of Vulnerabilities

Comprehensive External Penetration Test

Compliance Overview

IT Security Compliance regulations and guidelines (GLBA, FFIEC, FDIC, NCUA, OCC, OTS) require an organization to conduct independent testing of the Information Security Program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).

Best Practices state that each organization should perform an External Penetration Test in addition to regular security assessments in order to ensure the security of their external network.

Solution Overview

TraceSecurity’s Comprehensive External Penetration Test mimics the actions of an actual attacker without the usual dangers. The test examines external IT systems for weaknesses that could be used by external attackers to disrupt the confidentiality, availability, or integrity of the network, thereby allowing the organization to address each weakness.

TraceSecurity’s Comprehensive External Penetration Test follows documented Best Practices security testing methodology:

Scoping & Rules of Engagement

Analysis and Identification of Attack Vectors

Exploit Testing and Penetration Attacking

Immediate Notification of Critical Risks

Additional Options

The PREMIUM level of the Comprehensive External Penetration Test also includes extensive Information Gathering (Public Record Search, Web Presence Analysis, Email Harvesting, DNS Interrogation & Whois, etc)

TraceSecurity also provides a RETEST OPTION:

Upon completion of the initial penetration test, analysts will conduct Retesting of Initial Findings to Determine Remediation Strategies

TraceSecurity’s Comprehensive External Penetration Test includes limited access to the TraceAssess and TraceReport products of TraceCompliance Manager.

TraceAssess provides on-demand vulnerability scanning of your network.
TraceReport allows reports to be generated as needed for both executive level and technical staff.

Mitigating IT Security Risks with Penetration Tests

Product Datasheets

White Papers

Related Solutions