Specialist Security Testing

Many organisations have deployed Data Loss Prevention (DLP) solutions to help protect corporate data.

Alongside the traditional security testing techniques, Nettitude’s testing consultants can also offer specialist testing for a variety of purposes, including Data Loss Prevention (DLP) testing, Malicious Employee testing, Demilitarised Zone (DMZ) testing, stolen laptop testing, wireless testing and database testing.

Data Loss Prevention Testing Services

Common Questions:

How well do these DLP solutions work?

Would it be possible for an employee to steal or copy sensitive data to locations outside of the organisation?

Nettitude’s internal penetration testing offering is designed to address these types of business questions. Our team of consultants will first identify what types of data you house and what types of data you deem to be sensitive. We will then identify exit points within your environment, where an employee could look to remove that sensitive data.

Typical exit points may include:

Ability to print data

Ability to mail data out of the environment

Ability to copy data to a USB, Flash or network device, or to upload data out of the environment through HTTP, FTP or SFTP

Ability to export data to CSV format

Ability to encode/encrypt data and then remove from the environment

Nettitude has a range of security tests that can help you understand whether a trusted user could copy, move or delete sensitive data from your environment.

Malicious Employee Penetration Testing Services

The Forrester Research report noted that the majority of security breaches involve internal employees. Numerous commentators have noted that the number of internal breaches could be as high as 85% of all IT security breaches. As a consequence, organisations are understandably beginning to focus on how they can secure their internal infrastructures from internal compromise and insider threat attacks.

Nettitude can conduct penetration testing programs to simulate real employee activity. Whether it is from a company-provided desktop or laptop, or with the aid of a BlackBerry or Portable Device (PDA), our team of consultants can test your environment for exposure and signs of compromise. Nettitude’s testers can run tests that are application-specific (limited to SQL, CRM, ERP etc.) or infrastructure-wide. All of our malicious employee security tests are tailored to your individual requirements. Whether it is an in-depth assessment of a key application or a broader infrastructure testing program, we will look to deliver strong reports that identify your key security weaknesses.

Stolen Laptop Penetration Testing Services

Many users have laptops that they take to and from their place of work. Sensitive data is stored to disk, and security controls are often poorly deployed.

As part of Nettitude’s stolen laptop security tests, we take a standard user’s laptop and try to compromise it. This includes breaking into the operating system and bypassing disk encryption. It also includes cold boot/RAM tests and BIOS-based attacks.

Once compromised, Nettitude looks to use the device to gain access to the corporate network, through Virtual Private Network (VPN) attacks or through social engineering compromises.

We utilise the information accessible through the laptop to attempt to infiltrate the physical and logical access controls within your wider business fabric. Through this, we attempt to gain access to business information including accounts and credentials, financials and customer and employee records.

Demilitarised Penetration Testing Services

Demilitarised Zone (DMZ) penetration testing will provide an organisation with an in-depth assessment of the applications and resources available from machines that attach to the DMZ network. These forms of tests do not test the strength of firewalls or other perimeter security devices. Instead, they concentrate on operating system and application services configuration, whilst reviewing how these resources interact with other Internet and internal/DMZ-based networks.

Nettitude’s DMZ testing services provide an organisation with an accurate assessment of the build quality of DMZ-attached devices. As well as observing ports, services and applications that are reachable over the Internet, DMZ tests will also assess the services and resources that are not published to Internet-based users. This provides an organisation with a much more holistic review of their overall security posture.

DMZ tests deliver both a high-level management review document and an in-depth technical security analysis document. In addition, Nettitude can provide a regulatory tick-sheet that provides gap analysis between your DMZ infrastructure and industry-recognised best practice.

Database Penetration Testing Services

Databases provide the powerhouse for many IT application services. Traditional security for these services is provided through access controls and encryption services. Logging and auditing are then overlaid, to assess which objects have been accessed by whom and when.

Nettitude provides a series of database testing services. Our consultancy-led engagements will test the build of the database infrastructure for deployment and configuration exposures. Once this has been conducted, Nettitude will assess the procedures and controls that are in place to restrict user access to system calls and extended database logic.

Nettitude will assess the partitioning of user roles to ensure that the appropriate security controls are in place to prevent unauthorised users from accessing data that they should not be able to see.

Nettitude can provide end-to-end database security analysis services. All of our tests result in bespoke reports written specifically for your business environment. This service ensures that you uncover your security weaknesses before a user takes advantage of them, and provides you with the information required to deploy stronger database security in the future.
