Organizations that own or handle sensitive information – such as health or payment card information – need a clear view of the risks in respect to that information. Furthermore, the need to understand the intricacies of complex technical solutions, interpret technical jargon and consider vulnerabilities in the context of impact to the business is increasingly a challenge for managers and stakeholders in an organization. A penetration test presents a focused view of potential risks to information in the context of attack, loss of service, and impacts to data integrity, from any threat source.
The power of Brier & Thorn’s penetration testing lies in the skills of our consultants. We pool our talent to access proven technical skills and training that’s unmatched in the industry – going beyond simply relying on robust testing tools that only skim the surface of the complicated problem. Our holistic approach scrutinizes the people, process and technology in your organization.
We partner with clients to protect the confidentiality, integrity and availability of their key systems and data – while at the same time balancing the costs and limitations that security controls can put on the business. Our portfolio of penetration testing services offers black box and white box testing in infrastructure, IoT, application, network, and database security assessments.
How the cloud has changed penetration testing and how to perform assessments against virtual machines.
The rise of sophisticated attackers and the increasing dependence on online services increases the need for the highest confidence and most actionable intelligence for your organization’s exposure to security incidents.
Vulnerability assessments and penetration tests can assist organizations of all sizes to:
At Brier & Thorn, we believe that being a trusted adviser means helping our clients understand their key risks and exposures — both in their own IT infrastructure and the infrastructure of their service providers and supply chains. Our dedicated team of security experts have contributed to national security policy, identified unpublished vulnerabilities in vendor products, performed penetration testingon IoT (Internet of Things) devices, such as medical devices and even infotainment systems for automobiles.
Our philosophy is that reports based on automated tools alone aren’t sufficient to gain a complete picture of the security threats facing your organization. An effective vulnerability assessment needs supporting analysis and subject matter expertise for meaningful results. Just as you wouldn’t hire a plumber simply because of the wrench he uses, we believe a firm shouldn’t be selected simply just because of the tools they use.
Our methodology evaluates the severity of vulnerabilities in the context of the organization’s risk profile. This provides our clients with a clear direction towards mitigating the highest and most concerning vulnerabilities. Upon completion of the penetration testingexercise, the results are codified into an executive report and vulnerabilities made available in a cloud-based SaaS platform for vulnerability management for later triage.
Our testing process is driven by (6) fundamental steps:
Penetration testing is a critical component of information security, providing an effective and on-going mechanism for identifying security vulnerabilities in a changing landscape and being able to map their corresponding impact to enable remediation before exploitation.
By going beyond the basic principles of protection, we apply our knowledge and experience to provide a complete picture of a client’s security to identify the threats and vulnerabilities aligned with the client’s overall business objectives.
Our industry leading methodology incorporates the full spectrum of technology risks faced by our clients. Our penetration testingframework continues to evolve, bringing new insights tailored to our clients’ specific environment and business requirements.
A penetration test or “ethical hack” evaluates an application’s or network’s ability to withstand attack. During a penetration test, our penetration testers (or “ethical hackers”) are armed with the same tactics, techniques, tools, and procedures as today’s cyber criminals to hack into your network or application. Such an exercise uncovers vulnerabilities our clients didn’t know existed and helps ensure the security of their assets.
Our penetration testing services:
Recurrent Penetration Testing, On Demand
Quarterly penetration testing provides continual insight into the security of our clients’ applications and networks. Whenever possible, subsequent tests will re-evaluate findings from prior tests so that our clients always have a current set of results available.
Application, Internal Network and External Network Testing
We share our clients’ ambitions working to understand their reality and deliver true results – focusing on strategic decisions and practical actions. We align our incentives with our clients’ objectives so they know we’re in this together as a closely-held partnership.
Major manufacturer of EDUs for connected cars retains Brier & Thorn to perform penetration testing the resulted in remote control of the connected cars the unit was installed in.
Connecture, the SaaS provider to healthcare insurance providers of online insurance marketplaces and exchanges, retains Brier & Thorn for 3-year managed penetration testing services of its application.