Penetration testing of computer networks, systems and applications / Ethical hacking
Companies today face attacks not only from hackers and cyber criminals, but also from companies that use cyber attacks to achieve their goals through corporate espionage. The motives behind cyber attacks are no longer just money or revenge, but also strategic disruption and gaining an advantage over the competition.
Securing the edge of the computer network is no longer the only challenge companies face in order to ensure their impenetrability. It is necessary to take additional steps to secure the computer network at all levels.
The frequency and sophistication of attacks have increased over the past few years, while at the same time, with the use of automated tools, the level of knowledge required to execute an attack is decreasing. In order to successfully defend against potential attacks, companies hire IT security experts.
The methodology used by Deloitte is tailored to the needs of clients and is designed to proactively identify threats at all access points of the IT system, both external and internal, and to offer clear recommendations for eliminating or mitigating the risks of identified vulnerabilities.
Global research agency Gartner has named Deloitte as the global leader by revenue in the provision of services in the field of security and prevention of cyber attacks for the sixth year in a row.
Our approach is aligned with the needs of our clients with the aim of providing the highest level of service with minimal impact on business continuity.
- Determining the scope of the project and defining the procedure in case the tests we perform affect the operation of the system. We agree in advance on the circumstances that trigger the escalation of potential problems to senior management.
- Documenting types of attacks, applications, data, and potential vulnerabilities and highlighting those of major importance to the organization. Our experience has shown that each company has a specific risk profile that determines the type, scope and level of aggressiveness of our tests.
- Determining the systems, network components and wireless access points visible from the position of the cyber attacker. In our experience, selecting critical access points for testing produces the best results, leading to surprises that confirm the necessity of penetration testing.
- Using a wide range of vulnerability scanners and various simulated attacks, following Deloitte's methodology and tools. All tests are performed in accordance with a pre-agreed schedule and Deloitte policies. This approach ensures detailed testing of all components within the agreed scope of the project, reduces the chance of accidental failures, and at the same time provides assurance that the tests will not affect the operational work of the company.
The combination of internal and external computer network testing and application testing provides complete coverage and enables understanding of the company's vulnerability level, whether the vulnerabilities are caused by poor configuration, maintenance or failures in the architecture of various solutions, etc.
Our penetration tests are based on standards such as OWASP, WASC, and NIST guidelines as well as international best practices. The report consists of a management summary with the activities performed during the security assessment, the methods used, the key observations and overall recommendations presented in a high-level improvement plan.
How can Deloitte help?
Ethical hacking services can help our clients assess the vulnerabilities and weaknesses of IT systems with the aim of preventing cyber threats and raising the level of protection of the company's security mechanisms.
Our services include several subcategories in the field of ethical hacking:
- External and internal penetration tests of computer networks.
- Penetration tests of wireless computer networks.
- Penetration tests of applications and mobile devices.
Our services in the field of cyber security
- Vulnerability assessment: assessment of risks arising from the vulnerability of an organization's IT systems
- Infrastructure penetration testing: internal and external penetration testing simulates a cyber attacker trying to reach critical network infrastructure
- Application penetration testing: determining the vulnerability of applications, web applications, mobile applications, using simulated cyber attacks
- Configuration review: a review of the server's configuration to determine system vulnerabilities.
- Our services are at a level that goes beyond the technical analysis of system vulnerabilities. We represent technical vulnerabilities as business risks. Our global security frameworks, capabilities and coverage allow us to leverage the global experience of our cyber threat experts from 45 countries around the world.
- We are able to position ourselves as advisors and partners to your company with the aim of eliminating vulnerabilities, while remaining impartial to a particular supplier.
- Our reports provide a clear insight into whether it is necessary, and in what priority, to take steps to mitigate the identified risks. The reports are created with the aim of providing a clear path for the elimination of detected vulnerabilities.
- All penetration tests are performed by Deloitte experts in order to limit the client's exposure and ensure the confidentiality of the information provided to us or with which we come into contact during testing.
- Our professionals draw conclusions using the same analyses as malicious hackers, using a pragmatic and project-oriented approach that ensures predictability and consistency.
- The attention we pay to the process of selecting systems and attack vectors is aimed at protecting the integrity of systems, data and applications and reducing the risk of unwanted systemic consequences.