Our Attack & Penetration (A&P) services help find weaknesses in your security design before hackers do. Using the latest technologies and insights, we will scan your network, applications and servers from a hacker’s point of view.
First, we start by finding out what is visible from the outside world with our advanced scanning methodology. This will give an insight as to how much are you exposed to malicious people.
Next, we will take a closer look at possible security holes that were identified, and for each gap, we will validate whether the risk is real, and most importantly, how you can close the gap. We are happy to work together with your team to remediate the findings and by doing so, educate and train your staff at the same time so they are better prepared when a real attack might take place.
An innovative approach
AmanIT believes that traditional A&P testing does not give its customers to most value for money. What if the tester does not find any major weaknesses? Does that mean you are secure, or does it mean the tester was simply not good enough? Ultimately, you are not testing your network, you are testing the tester. At AmanIT, we think your money can be better spend.
Ultimately, a traditional A&P test gives you only as much confidence as the trust you place in the tester. While we thank you for your trust in case you select us to perform an A&P test, we want you to have an even higher level of security. That’s why we have developed a new and improved methodology of reviewing the security of your network that goes above and beyond the traditional A&P test.
The majority of findings resulting from an A&P test are the result of missing patches and incorrect configurations. Hence, we believe it is more efficient to go straight to the root cause and evaluate carefully the configuration of your network devices and scan them for missing patches and updates. This will provide a higher level of coverage of security gaps at a lower cost.
Likewise, we will not spend time (and your money) on demonstrating that the weaknesses can be exploited. If say, Microsoft releases a patch to close a weakness, we take their word for it that the patch is needed. Why would you spend money on paying a tester to prove that, indeed, Microsoft was right? That just doesn’t make sense. Yet, many vendors still sell you this type of service. We believe that your time and money can be better allocated. Our approach cuts straight to the core of the risks and protects you better while being cheaper.
NOTE: If required for PCI-DSS, we will execute a “traditional” A&P test as required by the PCI-DSS standard and our reporting is fully compliant with PCI-DSS.