External Penetration Testing / Vulnerability Assessments
The first step to ensuring your network security is with an external penetration test. Due to the increase in attack landscape and advancements in automated exploits, external penetration testing is an imperative service to have regularly performed on your network. The nature of this test will not only help you understand what an attacker can gain access to, but also protect you from threats like automated ransomware attacks. Hoplite will perform a complete test to ensure your network is locked down from malicious actors on the internet.
Wireless Security Assessments
With the increase in wireless landscape, Hoplite recommends wireless security tests. A wireless security review will identify weaknesses that may allow unauthorized users to access the internal network and critical data. Hoplite will look for security flaws in the current configurations such as encryption mechanisms, segmentation, rogue access points, and other weaknesses that could be used to compromise the internal network.
Red Team Assessments
A Red Team Assessment is a goal driven exercise that is meant to mimic a real-world attack. It is a full-scope, multi-layered attack simulation designed to measure how well a company’s networks, applications, and physical security controls can withstand an attack from a real-life adversary. Hoplite will work closely with your team to develop realistic goals and scenarios that will truly test your organization.
Internal Penetration Testing / VUlnerability Assessments
Effective security involves not only securing Internet accessible assets, but also those systems in the internal environment. An internal penetration test tells you what vulnerabilities lie behind your perimeter firewall. Further, it also provides a narrative of what a motivated internal attacker could accomplish. An internal attacker could be a rogue employee, someone who gained physical access to network equipment, someone that got an initial foothold into the environment by means of phishing, or countless other scenarios. Hoplite will perform a comprehensive assessment to evaluate your security posture on the internal network.
This is commonly an overlooked item of cybersecurity plans that can be a valuable maintenance test. The objective of a configuration review is to evaluate the settings and related management processes of systems to ensure they are properly configured to keep the network stable and secure. Common areas of evaluation are workstations, servers, network devices, and firewalls. Using top of the line tools, Hoplite will provide an easy to understand breakdown of misconfigurations on the devices in your network.
Vulnerability Management Programs
Vulnerability Management Programs are becoming increasingly more important as the attack landscape continues to grow in your corporate environment. Vulnerability Management programs are more than just scanning assets, it is the process surrounding the vulnerability scanning, also taking into account aspects such as asset management, ranking risk, risk acceptance, remediation, etc.
Social ENgineering Assessments
A network is only as strong as its weakest link. Statistically, humans are that weak link that allow attackers in the door (quite literally). When an employee clicks on a malicious link, gives sensitive information over the phone, or holds open the door to your building, they could potentially be putting your company's sensitive data and other valuables at risk. Hoplite will view and assess employees' security awareness and your company's ability to prevent and manage social engineering attacks. Hoplite will provide metrics, guidance, and best practices for remediation.
Web Application Assessments
Another step in securing your network and company data, is hardening the web application layer of your network. Because they are the most frequently visited and tedious to secure, web application attacks make up more than half of all reported breaches. Hoplite will do an in-depth evaluation of web applications against the OWASP top 10 to protect your data from malicious attackers.