Cyber Security Testing
What is Security Testing?
Building a secure system is a complex mix of technology, process and control. When a system is commissioned, it is necessary to ensure that all appropriate security controls are turned on, there are no vulnerabilities left exposed, and to verify that the system design and implementation has not missed any obvious security risks.
However, this should not be considered as a one-off action which guarantees security. New vulnerabilities and ways of compromising a system are discovered all the time. Keeping a system secure requires robust processes that ensure systems are kept up to date, all appropriate security controls are turned on and determining if any changes in the environment have created new vulnerabilities.
There are two common methods of system testing that, when implemented together, can give assurance that a system is secure.
Security Testing methods
Vulnerability scanning is the act of identifying potential vulnerabilities in network devices, such as firewalls, routers, switches, servers and applications. This is an automated process which focuses on finding potential and known vulnerabilities but does not attempt to exploit them. Therefore, they are not built to find zero-day exploits.
Penetration testing is a targeted approach and always involves a human factor, as it does not exist in an automated form. The penetration test will attempt to exploit vulnerabilities in systems, applications or architecture to expose a security issue (in a non-destructive manner).
A vulnerability scan often precedes a penetration test, with the results of the scan informing the starting point for penetration testing against the target.
Security Testing services from Nexor
Nexor can assess your need for vulnerability scanning and penetration testing and advise on suitable policies and processes for both. As part of our initial CyberShield Secure engagement with your business, we would identify the need for testing and give you an idea of exactly what is required.
If necessary, we can arrange for expert penetration testing through one of our CREST certified partners. We will match your requirements to the partner who best suits your business. We can then support you with remediation plans to resolve any issues identified.
Preventing document-based malware from devastating your business - Viruses used to be the province of hackers whose aim was to demonstrate their technical prowess by defacing web sites. Today, security attacks are becoming much more sophisticated and infinitely more dangerous. MORE DETAILS
Be the first to know about developments in secure information exchange