Reviewing Your Cyber Security Risks with Vulnerability Penetration Assessment


Without a doubt, cyber security is a war of escalation. New software is introduced, and it’s considered safe until a hole is found. Patches are put in place, but new vulnerabilities are sussed out, meaning that new security measures must be implemented. This can go on and on, and many times you’re safe during the process…some other company might have been hit, but you get the patch before your business is targeted.

But you can’t rely on having a low profile for long. While groups of Russian hackers might be going after Target and Home Depot, there are those out there who are working alone and are more than happy to poke at your system until they find a vulnerability. Even if they don’t get the information they want, they might destroy information out of frustration and spite. That’s why you need a vulnerability penetration assessment.

Every business is unique, which means that every business is going to have cyber vulnerabilities that are unique. That, in turn, means that you won’t always be able to only rely on the latest patches and anti-malware software; you need a personalized approach. That’s where Ingalls Information Security can help, helping your find security concerns that might be going unnoticed.

Why Can’t Your IT Guys Take Care of It?

Have you ever written something important, re-read it, re-re-read it, and then sent it out into the world…only to have someone point out two obvious mistakes you made? And they were obvious; how could you have missed them? It’s because that, as the writer, you were too close to the project. Your brain filled in what you thought was there, because it knew what you wanted to say.

Something similar goes on in any job, including that of your IT department. They are so close to their code that they can’t see the vulnerabilities in it. They might be excellent at avoiding attacks from one angle but completely ignore three others. They’re thinking about improving shields, perhaps unaware of the most modern cyber weaponry that can pass right through them.

What Do You Need?

You need to be attacked, and we’re the ones to do it. You should hire a cyber security company who is a master of offense as well as defense, because when you know what’s coming it’s easier to defend against it.

When we perform a vulnerability penetration assessment, we’ll use a variety of means to ensure that your cyber security is as up to date as possible against both legacy attacks and those that are new. It doesn’t matter if your software is brand new, ancient, off-the-shelf, or custom-made, we can find the vulnerabilities and help you fix them.

How Is It Done?

First, contact a network security company like Ingalls Information Security. We’ll discuss with you where you think your vulnerabilities lie. We’ll also talk with you about the software you’re using and attacks that you might not be aware of. We’ll then discuss the types of attacks we can perform that might be most useful at improving your security.

There are three basic types of attacks that you can hire us for, each with varying degrees of “handing us the keys.”

Black Box

In a Black Box scenario, we go in blind as we attack your system. This is how most attackers would approach your business, having to spend time finding out what type of security you’re using across your servers and software. Once all of this information is gathered, vulnerabilities will be addressed based on the knowledge gathered.

While it takes extra time, it’s the closest to a real-world scenario out there. A smart attacker with enough time on their hands will almost certainly be able to find vulnerabilities to steal information or destroy it. When you hire us to find these vulnerabilities, we’ll prove that the holes exist and provide information on how to ensure that no one can get into cause your data harm.

White Box

If a Black Box scenario is one in which we go in blind, a White Box is much the opposite. What can an insider, i.e. a person you’ve hired, do to harm your business? What vulnerabilities do you have if someone has access to your server room? What types of precautions are in place to prevent those with some access from getting complete access? Is your information safely backed up, or do too many people have ways of preventing this from happening?

You can trust Ingalls with your information because we have certified people on staff who are trained in the absolute most ethical way of performing these cyber security tasks. This includes those who are Certified Information Systems Auditors, Certified Ethical Hackers, and Certified Information Systems Security Professionals.

Even with our certifications, some companies are reticent to letting us have complete access to their systems. We understand this reluctance, and that’s where the Gray Box scenario comes in.

Gray Box

The gray box scenario falls somewhere in between Black and White. With Gray Box, you tell us about the tech you’re using. This cuts down on the cost associated finding out everything about it from scratch. With partial knowledge of your system, we can perform the vulnerability penetration assessment that a real-life malicious hacker would. At the same time, you don’t have to reveal all of your information to us directly.


Employee Vulnerabilities

You can spend untold amounts of money on the best IT staff and the latest in anti-malware, but one employee not following the rules could undo all of that with an errant click.

In a previous article we discussed the many ways that employees can be the weakest link in your cyber security, even if they have nothing to do with the IT department. We can perform a physical evaluation of your building, attempting to gain access to areas with employee help or doing a review of your space for out-in-the-open password reminders. Of course, we’ll also test your employees on their ability to detect phishing schemes and harmful email attachments.

What’s the Next Step?

There are vulnerabilities in your system; you simply haven’t found them yet. That’s where network security solutions from an information security company like Ingalls comes in. When you hire use, we’ll take a wide view of your vulnerabilities, then narrow in on the ones that could cause you the most trouble. When we’re done, your information will be much safer and you’ll be able to sleep much better at night.

Contact Ingalls Information Security and we’ll work with you to increase your security and the information you’ve created or been entrusted with. We’re ready to attack, in the best way possible!