Konekti offers in-depth penetration testing, performed by experienced professionals. Penetration tests conducted by Konekti consultants are customized to your organization’s needs; no two assessments are the same. Each penetration testing options offered by Konekti can provide information that can dramatically enhance an organization’s overall security:
External Penetration Test
The purpose of this test is to assess an organization’s public IP addresses and hostnames as well as any publicly available code repositories. In addition, it is possible to include websites as part of the assessment. Although the goal is not to provide an in-depth analysis of each discovered web application, any glaring errors or issues may be discovered and reported.
Internal Penetration Test
The internal infrastructure penetration test focuses on testing attacks which could be carried out by an adversary who has already gained a foothold within your network and is looking to “elevate” themselves to gain further control and cause more damage. It also deals with security holes that could be taken advantage of by a malicious insider. This testing method can be leveraged to assess all internal hosts either on premise, in the cloud, or any mixture of both.
Unlike out of the box mass phishing testing solutions, Konekti deploys a custom approach to check your phishing exposure. Email phishing is best when tied with an external or internal test as it will provide a real-world scenario of a targeted attack on an organization but can also be extremely valuable on its own. Phishing campaigns are tailored to the target organization and continuous testing with trending data can be provided to ensure success of security awareness training.
Cloud Security Assessment
The unique nature of the cloud requires a new security concept that can address the distributed and dynamic cloud infrastructure. While most businesses think their data is safe in the cloud, an inherent misunderstanding of public cloud shared responsibility security model can expose many organizations to critical security vulnerabilities. Konekti’s Cloud Security assessment will cover a range of technology areas such as:
- Finding misconfigured network connectivity
- Assessing data leakage risk
- Detecting liberal account access permissions
- Ensuring proper data protection and encryption
- Assessing compliance with common standards for best practices such as HIPAA, SOC2, and PCI
What Konekti Will Deliver
The following are the phases of a successful penetration testing engagement as performed by Konekti consultants:
During this phase, Konekti consultants will gather expectations, compliance requirements and objectives. Our goal is to ensure that the assessment best aligns with an organization’s business goals.
The “Recon” phase is where Konekti consultants will search for available information about the organization from public sources. Some examples of sources would be search engines, WHOIS, social networks and code repositories.
During this phase, Konekti consultants will probe the network, collect vulnerability information and then use the data gathered to determine the methods of attack implemented during the exploitation phase.
Post-exploitation and Analysis
The phase following exploitation ensures that every exploited system is cleaned after gathering data for the report. Cleaning removes all agents, scripts, planted executable binaries and temporary files.
Konekti will provide assessment results in an executive report, explaining test strategy, as well as categorizing results by risk rating. In addition, Konekti will provide recommendations for remediation of the issues raised in the report.