Service Overview

Emerging Defense provides penetration testing with the intent of mirroring the capabilities of a true attacker targeting the enterprise. An Emerging Defense penetration assessment is designed to demonstrate business impact to stakeholders and to provide solutions to remediate findings and prevent reoccurrences. Complete security is impossible; achieving information security is the art of managing risk and enabling the business. Therefore, we take a business-considerate approach where all vulnerabilities are identified but priority concerns are communicated with consideration for business requirements.

Targeted vs. Opportunistic Attacks

Offensive security tactics are the ideal way to identify risk without significant time and resource investment. Conventional security assessment activities such as firewall reviews and automated scanning can prevent opportunistic attacks but fail to protect against any targeted and motivated attack. Despite enterprise investment in conventional defense, targeted attacks are the primary drivers behind enterprise data breaches. In most cases, an organization has no idea that it has been or will be targeted until it has already been compromised.

Targeted attacks are typically launched with the objective of

  • causing monetary harm (shutting down business critical systems, brand damage),
  • acquiring sensitive customer data (social security numbers, credit card numbers),
  • acquiring business partner or sales information (bid pricing, supplier details, contracts), and
  • exfiltrating trade secrets and competitive edge data (blueprints, formulas, processes, designs).

See our value section for additional details around the importance of penetration testing and why Emerging Defense is uniquely qualified.


  Attack Vectors

Emerging Defense offers a range of penetration testing services to ensure that your organization’s overall continuity and competitive edge are safe and secure across the entire landscape of attack vectors. Our approach and methodology are designed for flexibility and customization; if your organization possesses unique or special considerations, we can customize any test offering accordingly to fulfill your needs.

Today, organizations are highly connected and susceptible to attack through multiple avenues. Emerging Defense offers the following assessments, which can be performed individually or packaged together (discounted).

 External Penetration Assessment

Description
External assessments are performed from outside the organization’s network perimeter to simulate an Internet based attack.

Attack Scenario
Your organization has been targeted by a collective or an individual and attacked over the Internet in an attempt to compromise the company’s website, VPN, or other external asset and pivot inside the network, extract customer data, or deface the website (e.g., Anonymous hacktivist group).

 Internal Penetration Assessment

Description
Internal assessments are performed from within the confines of the corporate network to simulate an attack from an unauthorized individual or malicious insider with network port or workstation access.

Attack Scenario
Your organization is attacked from the core by an employee, authorized vendor, or unauthorized individual capable of bypassing physical security controls (such as doors or badge swipes) and plugging directly into the internal network (e.g., Bradley Manning WikiLeaks).

 WAN Penetration Assessment

Description
WAN assessments are performed from your organization or a partner site and aim to identify unauthorized or unauthenticated internal connectivity between enterprises.

Organizations are commonly interconnected with their business partners, whether intentionally or unintentionally. This situation lends itself to a security domino effect, where the weakest link will compromise all connected organizations despite their individual levels of security.

Attack Scenario
A vendor that provides inventory data to your internal tracking system is targeted and breached with the intent of leveraging its connectivity to pivot inside partner organizations. Your organization’s security controls may be well designed, but the business continuously engages new vendors with new backdoors into the core of your network. These connections are commonly unknown to security staff and not reviewed during implementation (e.g., RSA SecurID breach, Target Corporation breach).

 Wireless Penetration Assessment

Description
Wireless assessments are performed from within range of the organization’s wireless network signal, by attackers located inside or outside building walls at corporate headquarters, offices, or distribution centers.

Attack Scenario
The organization’s corporate wireless network is attacked from outside the building walls using a neighboring parking lot; access can lead to internal network compromise without ever setting foot inside (e.g., T.J. Maxx retail breach).


  Business Impact

Emerging Defense performs all penetration assessments with the intent of providing a proof of concept for an identified business risk. A proof of concept can help an IT program convey to management the enterprise risk associated with its exposures.

Business Impact Demonstration

Our practitioners can operate in “capture the flag” mode where sensitive data acquisition is performed during or upon completion of the assessment using identified vulnerabilities. Emerging Defense will seek and attempt to access the same data that motivate attackers targeting your unique enterprise and industry.

Our practitioners have historically proven client exposures by successfully obtaining assessment objectives such as:

  • Internal corporate network access from the Internet
  • Customer credit card and/or social security numbers (thousands)
  • Employee payroll and ERP system access (executive wage data)
  • Executive e-mail inbox access
  • Software source code repository access
  • Financial bank account information

  Methodology

Emerging Defense follows a proprietary methodology to ensure the predictability of testing activities and the delivery of consistent and repeatable results. The following is a high-level overview of the Emerging Defense Penetration Testing methodology.

 

Phase I: Threat Profiling
  • Relevant Threats
  • Relevant Vectors
  • Applicable Testing Scenarios

Phase II: Target Identification
  • Reconnaissance
  • Enumeration

Phase III: Vulnerability Identification
  • Manual Analysis
  • Attack Simulation
  • Baseline Analysis

Phase IV: Intrusion Testing
  • Exposure Exploitation (optional)
  • Business Impact Demonstration

Phase V: Recommendations
  • Risk Rating Assignment
  • Quick-Fix Solutions
  • Strategic Solutions
 