Penetration Testing For Compliance – Penetration Testing Services
Penetration testing, also known as pen testing, is a controlled test that simulates malicious attacks by actively searching for holes in your company’s IT network. It then attacks potential vulnerabilities in the system, just as a hacker would, in order to see if the network can be breached. Regulatory compliance frameworks such as NIST, HIPAA, PCI, FFIEC, NYDFS (23 NYCRR 500) and FINRA all require regular penetration testing for compliance.
Vulnerability assessments are not a true penetration test, but is the first part of the process. A vulnerability scan probes your network and identifies the holes that an attacker may use to exploit and gain entry into the system. A vulnerability assessment would be similar to a burglar looking for available points of entry into your house, but not accessing them.
External Network Penetration Testing
External network penetration testing builds on a vulnerability assessment by working to actively exploit and attack the holes identified in the vulnerability scan. External network penetration testing can be done either on-site or remote, saving the customer money in the process. An external network penetration test would be similar to the burglar attempting to access, with or without success, the points of entry previously identified with a vulnerability scan.
Internal Network Penetration Testing
Internal network penetration testing can be performed either remotely via a specialized piece of equipment or on-site. An internal network penetration test would be similar to the burglar already being situated inside the house, and attempting to access the locked safe, the safety deposit box, the secured basement, etc. as well gauging the potential damage they can do to the rest of the interior.
Wireless Penetration Testing
Wireless penetration testing can be performed either remotely via a specialized piece of equipment or on-site. A wireless penetration test will help determine the level of security on your wireless network, and if it can be accessed by hackers.