Sandra Network knows that security for your computer network is more important than every. To ensure our new customers and our engineers understand the environment, and know the precautionary steps needed to ensure security are covered, we offer a onetime no cost Pen Test. We use an impartial Third Party set of tools to allow us to discover where security needs improvement.
As part of the assessment, Sandra Network will run a small utility on Client’s network which will help us quickly gather system information about Client users, computers, and network configuration. This data will enable us to provide a real-time report on Client’s current security posture. Sandra Network will also include information on potential problem areas on the edges of Client’s network, locations of personally identifiable information, as well as passwords found during this assessment. Full passwords are not exposed, only the first few characters are identified. Sandra Network will schedule a post assessment meeting to review the findings and identify the most important areas to focus future efforts.
During the vulnerability assessment, our tool may discover proprietary technical or business information (“Confidential Information”). Any such Confidential Information discovered is incidental an
d only in possession of Sandra Network for the purposes of identifying risks and ultimately securing Client data from unwanted third parties. At no time shall Sandra Network’s possession of the Confidential Information be considered to have provided Sandra Network with any right or interest in the
Confidential Information. Sandra Network will maintain the Confidential Information using a commercially prudent degree of care at least equal to the degree of care Client uses to protect its own information.
Sandra Network and the client retain their respective ownership of any confidential information that is disclosed during this Vulnerability Assessment and the resulting post assessment meeting.
PENETRATION TEST-REASONING/ METHODOLOGY
Do you know WHY users are your biggest cybersecurity threat? Because studies show that 91% of ALL cyberattacks start with a phishing email. This puts the hacker right inside your organization. Our team uses a proprietary (patent pending) process to go beyond phishing training and find out what a hacker can gain access to when someone in your organization is phished.
Internal Testing - Considering over 90% of cyberattacks begin with a phishing email and over 19.8% of employees click phishing email links, our team focuses on what the attacker will gain access to if a normal user were to click a link. We target employees who are the most likely to be phished. These employees also happen to be the ones who have the most to lose: CEOs, CFOs, Directors, HR and sales team members. Why are they more likely to be phished in the first place? They are often communicating with people outside your organization AND they process many more emails than others.
External Testing - What about the other 9% of attacks, how do they get started? Hackers build sophisticated automation that is constantly scanning the internet looking for vulnerabilities. They use these vulnerabilities to get into networks. Galactic Advisors uses some of the same tactics to outline the perimeter of your organization, look for exposed services, find vulnerabilities, and attempt to exploit them.
The following report contains evidence of our findings, remediation steps, as well as descriptions of the risks associated with them.
Hackers are constantly coming up with new attack chains and vulnerabilities. These new methods need to be evaluated and remediated often. Best practice includes regular ongoing security assessments to identify and respond to these new threats.
