Penetration Testing
Sometimes vulnerability assessment solutions need to be taken one step further; this is penetration testing. Penetration testing serves to actually attempt to exploit vulnerabilities identified through various information gathering and vulnerability assessment techniques. Prolific Solutions offers a wide array of penetration testing solutions ranging from full Red Teaming to Blue Teaming to simply overseeing and coordinating internal penetration testing. We have several exploit tools/suites available to us and can bring those tools to your environment and attempt to compromise your information systems.
Penetration testing is required by several different compliance bodies (e.g., FISMA and PCI), but can also serve to draw attention to information security efforts. Management will often respond to a demonstration that there are viable, vulnerable holes in your information technology. Penetration testing also serves as another level of assurance.
One of the least invasive, and most profound, penetration tests is through the use of social engineering. The people side of security is often the weakest, and no matter how patched you are, how hardened your information systems are, or how robust your firewall solution is, the human factor can undermine it all. Social engineering tests often serve as a testing mechanism to evaluate your information security training program. In a social engineering penetration test, operational capabilities are rarely impacted, but management can really get an idea of their security posture via their users’ ability to thwart social engineering attacks.