Penetration Testing Services
Cybersecurity: The Great Challenge of the 21st Century
Did you know that cyber crime is ranked as the number one national security threat? That’s right, it’s ahead of terrorism, espionage, and weapons of mass destruction. In fact, cyber crime represents a $5 trillion cost to the U.S. each year; or, approximately 1/3 of the U.S. GDP on an annual basis. To make matters worse, small businesses represent the path of least resistance for cyber criminals. The last several years have shown a steady, and significant, increase in attacks targeted at small businesses with fewer than 2,500 employees—the SMBs. The following are a few frightening statistics:
- Over 62% of all cyber attacks are targeted at small and mid-sized businesses.
- More than 52% of spear phishing attacks are carried out against the SMB market.
- The average cost of a major cyber breach for SMBs is between $98,000 and $408,000 (a figure that continues to rise year-over-year).
- Approximately one in five small to mid-sized businesses will be the victim of a cyber attack each year.
- Of those attacked, around 60% are out of business six months later.
These stats are the reason why MainNerve exists. While we provide cybersecurity services for large enterprise and corporate businesses, the SMB market is where our heart truly lies. Because the truth is, a significant system breach isn’t a matter of if… but when. And all companies need to have an action plan to strengthen their data security and promptly deal with the fallout of a malicious attack.
SMBs: An Underserved Market
Here at MainNerve, we are trying to change the cybersecurity landscape for SMBs. According to the Cisco 2016 Annual Security Report, budget constraints are cited as the biggest obstacle to SMBs adopting advanced security processes and technology. Unfortunately, the “major” cybersecurity companies have done nothing to help combat this predicament—leading to small and mid-sized businesses being terribly underserved when it comes to cybersecurity. It is the sole goal of MainNerve to change this paradigm by providing truly affordable cybersecurity solutions.
Penetration testing is defined as the practice of testing a computer system, network, or application in order to exploit inherent vulnerabilities. The ultimate goal behind pen testing is to determine the means and processes an attacker could use in order to gain access to compromising or sensitive data, damage systems, deface websites, and more. At MainNerve, we use state-of-the-art tools and methodologies, and operate at the highest levels of standards in the penetration testing world. Upon partnering with us, our team of highly certified penetration testing engineers will simulate real-world attacks on your network with the express intent of identifying vulnerabilities. This is done in order to provide you with mitigation strategies for preventing successful hacks on your network, facilities, and/or applications. Our intent is to:
- Test and assess your system(s) with respect to your business operations and intellectual property.
- Ensure that security and compliance are improved through the recommendations provided.
- Provide mitigation strategies alongside follow-up penetration testing and scanning to keep your company secure.
MainNerve Testing Methods
MainNerve offers Gray Box testing for all Best Practice and HIPAA services and White Box testing for PCI compliance testing and scanning. Black Box testing or Red Team assessments are available upon special request.
The following is a summary of the different aspects of testing:
White Box
Full disclosure of the systems and networks prior to testing. In addition to the number of hosts and IP addresses, the client provides network diagrams, system roles, expected services, usernames (or similar), hostnames, and data flow diagrams. Other information may include segmentation controls, number/types of security controls (UTM, IDS/IPS), topology, and vulnerability listing (through previous vulnerability scans). A white box test is appropriate for PCI-related penetration testing.
Gray Box (Standard Testing Methodology)
Partial disclosure of the systems and networks to be tested. This includes the number of hosts, IP addresses, and possibly hostnames, if applicable. The client may elect to provide security information, such as firewall types and IDS/IPS controls.
Black Box
No knowledge of the client’s systems and networks prior to testing. Often called a “red team” assessment. We only know the company name. Everything must be confirmed with the client during the discovery phase (and prior to exploitation) to ensure that any systems, domains, and networks are owned and/or controlled by the client. This type of test is typically the most expensive because it is 99% human driven.
Quality Penetration Testing That Meets Your Budget
MainNerve penetration tests are planned, proposed, and executed to meet your exact requirements. Our nationally certified, DoD-cleared, and experienced engineers, not a salesperson, listen to your penetration testing needs and requirements. MainNerve is different in this regard because we want to identify the type, form, and scope of pen test that will best fit your organization based on your requirements (assessment, compliance, certification) and your budget. MainNerve is headquartered in Colorado Springs, home of the National Cyber Intelligence Center. Our U.S.-based engineers can adjust the levels of automation and manual penetration testing based on your unique needs.
They can also leverage technology to conduct penetration tests off-site in order to maximize the level of cyber services you get for your dollar. With industry-leading reports, cutting-edge technologies, and decades of penetration testing experience… no other cybersecurity company in the U.S. offers more for your hard-earned dollar.
Certified Penetration Testing For Any Situation
As one of the most experienced penetration testing companies in America, MainNerve has conducted a wide variety of penetration tests that meet, and even exceed, industry standards and/or business requirements. As a trusted partner, MainNerve has been requested to not only provide penetration testing services that meet compliance standards—HIPAA, PCI, and FINRA—but also to conduct pen tests on a plethora of differing environments and applications. MainNerve’s U.S.-based, nationally certified engineers are adept at planning, developing, and executing penetration tests such as:
- Network Penetration Tests (Internal and External IPs)
- Physical, Virtual, and Cloud-based Network Testing
- Web Application Penetration Testing
- Red Team Assessments
- Internet of Things (IoT) Penetration Testing
- Mobile Application Penetration Testing
- Wireless Penetration Testing
- SCADA/IDS Penetration Testing
- Vulnerability Scanning & Assessments
- Social Engineering Testing
- Phishing Campaign Testing
Penetration Testing From A Trusted Entity
Penetration testing, or the ethical “hacking” of a business’ IT architecture, can be an alarming concept. As one of the most trusted names in penetration testing, MainNerve has performed penetration tests and scans on companies of every size and type—from $1B corporations, municipalities, hospitals and data centers, to small technology firms and entrepreneurial startups. This has required our company to pen test very complex IT systems—IT systems that host tens of thousands of internal and external IP addresses and IT systems that cover hundreds of thousands of users. It has also required the company to pen test web applications, mobile applications, SCADA/IDS systems, and IT systems housing immense stores of protected personal and customer data while simultaneously maintaining the customer’s system integrity and not compromising ongoing business operations. With our focus on understanding the entirety of our customer’s operations, and designing penetration tests that respect our customer’s need to protect their intellectual property and/or continue business operations, MainNerve has never conducted a penetration test that has negatively impacted a customer.
Penetration Testing That Meets Industry Standards
It is an unfortunate reality that many companies simply do not provide penetration testing services that meet the cybersecurity standards associated with the unique requirements of each individual company. In fact, numerous businesses outsource their penetration testing to other companies that have very limited experience in penetration testing services. This results in reports that are not up to standard… or worse, could compromise the integrity of your company in the event of an audit. MainNerve’s on-site penetration testing engineers have conducted numerous pen tests to the standards listed below. But more than this, we ensure that these standards are followed in all provided reports and in any follow-up penetration testing requirements.
- PCI Standards Security Council Penetration Testing Guidance
- NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
- Open Web Application Security Project (OWASP) Testing Guide
- Penetration Testing Execution Standard
Penetration Testing By Industry Experts
MainNerve has one of the most experienced penetration testing teams in the country. As highly qualified national defense penetration testers and certified engineers, our team has tens of thousands of hours in pen testing experience. But more than this, our team has decades of service in network security for both the commercial and government sectors. Plain and simple, we hire, employ, and retain only the industry’s best penetration testers. This is to ensure the integrity of our services and the protection of our customers through the application of the best pen testing minds in the industry. Our penetration testers have won awards at penetration testing contests such as Sharkfest. They also frequently speak at conferences throughout the country such as DEFCON, ShmooCon, and Derbycon.