Penetration testing goes a step beyond vulnerability assessment by simulating actual attacks on the vulnerabilities discovered. The test will demonstrate what attackers can do if they are successful, including theft of data and control over key systems. The test can either be time limited, to see what can be accomplished in a specific time period; or target limited, in which a specific number of target hosts are assessed.
Penetration testing can be conducted with knowledge of the company network – a “crystal box” test – or with CBTS possessing no knowledge of the target – a “black box” test. This includes reconnaissance on the targets as well as attempts to exploit vulnerabilities that are found during the Penetration test. The targets can be operating systems, listening services, and/or web applications. This can be done externally as well as internally, and can include additional attack vectors such as phishing, social engineering, or physical security. The results are presented in either a Findings Brief or a Full Report.
CBTS ReportingCBTS provides a detailed, customized report for our engagements. We provide a concise report that focuses on the actionable findings that are prioritized by severity along with associated recommendations for improvement. Every CBTS information security report contains the technical detail for operations to understand and remediate plus a high level executive summary to effectively communicate the results to leadership. With CBTS security, you will have experts available to discuss all areas addressed and the specifics of each finding with you and your team to ensure you get the most out of our collaborative effort.
CBTS works on being our "partner" - going out their way to be accommodating to all of our requests. They’re always available to work with our management and technical teams to answer their questions.
Their security assessments are developed for both management as well as technical teams. The detailed recommendations are extremely valuable as well.
Rick Grubbs - Sr. Director, Managed Cloud, itelligence