Leverage Testers Who Have Set the Standard for Penetration Testing

Pentesting requires testers that are more skilled than your attackers. IANS Faculty members have set the standard for penetration tests (PTES) and leverage custom and industry standard tools and protocols to execute scenarios unique to your situation. Vetted and screened, many Faculty members and their teams have attained government-level security clearance for ethical hacking.

Connect With Us

Dave Kennedy, IANS Faculty

IANS Penetration Tests Are Customized for Your Environment

IANS engagements are tailored to meet the needs, concerns, and environment of each organization. Engagements are scoped and project managed by the IANS team and delivered by Faculty. We test according to standards such as PCI-DSS, OWASP, ISO27001, NIST, and others. The IANS team works with you to ensure an understanding of risk and impact of test objectives in identifying and remediating vulnerabilities across key areas:

External and Internal Networks
Cloud Environments (all major platforms)

Mainframe Testing
Hardware and Devices (including Mobile)

Mobile and Web Applications
Wireless Networks

Physical Security
Social Engineering

Industrial Controls

Our tailored approach offers three types of engagements:

Blackbox

We request no reconnaissance information from the client and approach the test as would a malicious attacker.

Greybox

Clients provide basic reconnaissance information like IP ranges, applications, and domain names.

Whitebox

Reconnaissance information is provided by the client, saving time and associated costs.

Project Approach

Reconnaissance

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

Mapping

Testers will map the target’s network architecture and systems/software, including open ports and system responses to identify potential targets.

Discovery

IANS will use the information gathered during the mapping phase to focus our staff and, using commercial, open source, and custom tools and scripts, discover vulnerabilities to exploit the systems.

Exploitation

IANS will attack systems and applications to prove that exploitation is possible and gain access to the targeted data and assets. If in scope, we will develop social engineering and phishing exercises to test employee security awareness. Any critical findings are communicated to clients immediately.

Remediation Guidance

Technical details are provided on root causes of vulnerabilities, recommended remediation actions based on severity and business impact, and (when appropriate) compensating controls.

Reporting and Delivery

Included is an Executive Summary with technical details related to the findings, delivered via a final teleconference/meeting with key stakeholders and/or client technical teams.

Project Deliverables

Executive Summary

History, purpose and overview of engagement — suitable for non-technical and executive audiences to understand scope and outcome of project.

Purpose & Methodology

The technical reasons for the testing as well as the methodology used.

Findings

All vulnerabilities identified by root cause, sorted by severity, potential threats, likelihood of attack, and business impact. Findings are delivered in PDF and CSV formats to simplify integration with your tracking tools.

Recommendations

Practical, actionable, and prioritized short-term and long-term remediation guidance appropriate to the organization’s operations and technical environment.

Ask Our Experts About Penetration Testing

Ask-An-Expert (AAE) provides the ability for IANS Decision Support clients to submit unlimited requests to Faculty members. Our clients frequently begin by requesting AAEs to cover a variety of penetration testing questions relating to strategy, policy and process, controls, implementation, and operational optimization. Our deep-domain security experts share industry best practices, provide recommendations from real-world experience, and help to strengthen the overall strategy of your program.

John Strand, IANS Faculty

Here is what our clients are asking:

What best practices or industry standards do IANS Faculty recommend around conducting manual penetration testing in production environments vs. dev/test environments?

In terms of the technical aspects of penetration testing, what are the critical steps that IANS Faculty believe the team should focus on when conducting penetration tests against the networks, apps, data and other digital components?

How have other IANS companies built out internal penetration testing programs and corresponding frameworks?

Exclusive of phishing simulation and physical security testing methods, what does IANS recommend in terms of what to test for, best practices, procedures and strategies in conducting penetration testing for both on-premise enterprise environments, and the organization’s virtual private cloud?

What would be the IANS Faculty’s first steps in standing up an internal Red Team, working with vendors for training, and scoping Red Team engagements?

Based on experience, what are the IANS Faculty recommendations for Breach Attack Simulation tools for testing defined TTP ‘use cases’ in a repeatable and automated fashion?

Looking for a Detailed Ask-An-Expert Example?

Fill out the form below to access a full Ask-An-Expert Writeup.

Ask-an-Expert
Writeup

Decide Where to Do Manual Penetration-Testing: Production or Dev/Test

Is it better to do manual penetration-testing against the production environment, or limit the scope to development/test? In this Ask-an-Expert written response, IANS Faculty Jake Williams says there is no easy answer but details some key issues to factor into the decision.

First Name*

Last Name*

Job Title*

Company*

Business Email Address*

Industry

I have read and agree to the IANS

Privacy Statement.*

* Required Fields

The IANS Difference

Security Focus

IANS provides a sole focus on improving security, risk, and compliance programs. IANS helps clients make trusted and vetted security decisions with access to over 60 Faculty members who are industry-recognized information security experts.

Project Management

Keep internal teams focused with IANS project management and engagement delivery by IANS Faculty.

Industry Experts

All projects are staffed by expert practitioners with deep, hands-on domain and technical experience.

Actionable Guidance

Gain actionable and practical guidance that is designed to communicate issues clearly to executives, and to reduce risk.

Fast Start

For IANS Decision Support clients, a streamlined procurement process and program management ensures a fast start and is supplemented with research content. You work with a team you know and trust.