PEN TESTING IMPROVES
YOUR SECURITY POSTURE

VULNERABILITY PROTECTION AND PREVENTION

The impact of security breaches has increased consistently over the last decade. In 2019, the average lifecycle of a breach was 314 days, and the average cost of a data breach was $3.92 million as of 2019. Even if an organization invests in industry-leading software, the best personnel, and the strictest internal processes, without security testing, it is impossible to adequately protect the assets from vulnerabilities and inevitable security breaches. For this reason, penetration testing is a critical aspect of your organization’s security operations.

WHY STRATUS CYBER?

Penetration testing (pen-testing) mimics a real cyber-attack by inviting a third party to actively search for and exploit vulnerabilities within an organization’s digital environment. The goal is to proactively identify weaknesses, ensure protocols are effective, and detect bugs in the software and applications. Pen testing also helps to protect against social engineering tactics by validating how cyber-aware employees are when it comes to information protection best practices. After executing the penetration test, the team reports its findings and recommendations for risk mitigation.

While all companies can benefit from regular penetration tests, it’s especially important for organizations that deal with sensitive data. The US Department of Agriculture (USDA), the Federal Communications Commission (FCC), and the National Oceanic and Atmospheric Administration (NOAA) each deal with highly sensitive information and sought out Stratus Cyber for penetration testing execution. Stratus Cyber has also worked with Google Partner Security Program and many other organizations on testing the strengths of their security through pen-testing.

THE ENGAGEMENT

Each set of penetration tests varies based on the goals to be achieved. However, the most common methodology has three phases: Discovery, Execution, and Post-execution.

The Discovery phase involves gathering information, identifying assets that are most likely to be targeted by threats, and developing the rules of engagement with the client.

Penetration testing (pen-testing) mimics a real cyber-attack by inviting a third party to actively search for and exploit vulnerabilities within an organization’s digital environment. During the Execution phase, Stratus Cyber performs the tests, identifies critical and non-critical vulnerabilities, and validates which of those vulnerabilities could result in an attack.

Finally, in Post-execution, the test team identifies the root causes of the vulnerabilities to establish recommendations that are curated in a final report on the overall findings. Post-execution also seeks to test some of the common and uncommon exploits used by attackers. These include brute-forcing, CSS vulnerabilities, back-up file disclosures, and company credential breaches, among others.

THE RESULTS

Through these engagements, Stratus Cyber identified multiple moderate and severe vulnerabilities. If left exposed, these could have resulted in dire consequences for the organizations, its members, and the larger public.

While results and findings varied throughout organizations, Stratus was able to pinpoint issues such as XSS vulnerabilities, CSRF vulnerabilities,issues within authorization controls,and weaknesses that could arise from brute force, SQL injections, and cross-site request forgery.

All pen-testing clients receive a detailed and easy to understand report of our findings. The report not only educates the organization on the vulnerabilities found but also offers solutions on the best ways to remediate them.With penetration testing, these organizations and the many others working with Stratus Cyber can more accurately maintain security oversight of their digital environments.