Data Loss Prevention Testing Services
How well do these DLP solutions work?
Would it be possible for an employee to steal or copy sensitive data to locations outside of the organisation?
Nettitude’s internal penetration testing offering is designed to address these types of business questions. Our team of consultants will first identify what types of data you house and what types of data you deem to be sensitive. We will then identify exit points within your environment, where an employee could look to remove that sensitive data.
The Forrester Research report noted that the majority of security breaches involve internal employees. Numerous observers have commented that the number of ‘internal breaches could be as high as 85% of all IT security breaches’. As a consequence, organisations are understandably beginning to focus on how they can secure their internal infrastructures from internal compromise and insider threat attacks.
Nettitude can conduct penetration testing programs to simulate real employee activity. Whether it is from a company-provided desktop or laptop, or with the aid of a BlackBerry or Portable Device (PDA), our team of consultants can test your environment for exposure and signs of compromise. Nettitude’s testers can run tests that are application specific (limited to SQL, CRM, ERP etc.) or infrastructure wide. All of our malicious security employee tests are tailored to your individual requirements. Whether it is an in-depth assessment of a key application or a broader infrastructure testing program, we will look to deliver strong reports that identify your key security weaknesses.
Demilitarised zone (DMZ) penetration testing will provide an organisation with an in-depth assessment of the applications and resources available from machines that attach to the DMZ network. These forms of tests do not test the strength of firewalls or other perimeter security devices. Instead, they concentrate on operating system and application services configuration, whilst reviewing how these resources interact with other Internet and internal/DMZ-based networks.
Nettitude’s DMZ testing services provide an organisation with an accurate assessment of the build quality of DMZ-attached devices. As well as observing ports, services and applications that are reachable over the Internet, DMZ tests will also assess the services and resources that are not published to Internet-based users. This provides an organisation with a much more holistic review of their overall security posture.
DMZ tests deliver both a high-level management review document and an in-depth technical security analysis document. In addition, Nettitude can provide a regulatory tick-sheet that provides gap analysis between your DMZ infrastructure and industry-recognised best practice.
As part of Nettitude’s stolen laptop security tests, we take a standard user’s laptop and try to compromise it. This includes breaking into the operating system and bypassing disk encryption. It includes cold boot/RAM tests and BIOS-based attacks.
Once the laptop is compromised, Nettitude looks to use the device to gain access to the corporate network, through Virtual Private Network (VPN) attacks or through social engineering compromises. We utilise the information accessible through the laptop to attempt to infiltrate the physical and logical access controls within your wider business fabric. Through this, we attempt to gain access to business information including accounts and credentials, financials, and customer and employee records.