Penetration tests are becoming the standard for real world security testing. The goal of the tests are to conduct realistic scenarios and gauge the performance of employees. At PMV Security we always pushing the limit on what defines security. Similarly, we are one of the few companies in Vietnam providing high quality tests for clients.
What are penetration tests?
Many businesses think they have good security. They may also think their security team is performing well. The goal of the tests is to identify poor performance or vulnerabilities that previously were not known. For instance, a test discovers someone can enter a sensitive area that was thought to be secure. Our testers will develop a scenario or multiple scenarios. After that, they will conduct attempts at exploiting vulnerabilities. This can include physical or digital threats.
What’s the goal?
The real goal is to gauge the effectiveness of existing security measures. Likewise, identify previously unknown vulnerabilities by a likely potential threat. If the threat is outside the scope of protection than it is not a scenario to test for.
How does it work?
Planning | Pre-Test Phase
First, a consultation will occur. We will determine what the purpose of your current security measures and what your goals for protection are for.
For example, a manufacturing company has finished products and sample products that need to be protected in addition to valuable equipment and the physical property itself.
The manufacturer is concerned about:
- Small coordinated thefts, potentially 1 or 2 individuals initiating a burglary after operational hours.
- Insider threats such as employees smuggling product outside during operational hours either for counterfeit manufacturers or stolen goods sales.
- Threats posing as an employee to smuggle goods / prototype goods or photograph prototype product.
A series of tests would use real world scenarios to closely match your potential threats.
Once we have established what your goals are we will set a time period for the testing to occur. Depending on the site or type of client this testing time period can range from a few days all the way up to a month.
For safety and security purposes, we will setup a procedure for the pen testers to follow in the event they are caught. Because we do not want to jeopardize security during a test. by your staff or security force.
Our pen testers will have various equipment. The type of security will determine what kind equipment they use in a test. This can range from:
- Lock Pick Sets
- Lock Shims
- Bump Keys
- RFID Cloners
- RFID Cards / FOBs
- Fingerprint Lifts
- Hidden Cameras
- Aerosol Spray
- Fraudulent Access Badges
- Compromised USBs (deploying a digital payload)
and the list goes on and on.
Stage 1 – Reconnaissance: Our testers will conduct reconnaissance to gain knowledge of your security measures at your site. Again depending on the client, size of location, and what the target is will determine the length of this stage.
Stage 2 – Execution: After that, an operational plan will include all scenarios . This can vary from site to site. There may be multiple targets on one site or even multiple sites with multiple targets.
Stage 3 – After Action Review: Once the tests are complete, we will compile a report with a presentation to provide to management. This will detail all the tests on your sites, methods of exploitations, success/failure and finally control measures.
Results are what really matters at the end of the day not just with penetration tests but anything in business. What did these tests do for your organization? Once these tests are conducted a performance KPI would be applied to each of the tests giving you idea on the performance of existing security assets and policies. The organizations ability to identify and respond to security threats and evaluate the overall security posture.
Recommendations on security policies, equipment, or personnel will be what provides the best results. We will provide a comprehensive list of recommendations for security measures needed to address any vulnerabilities discovered or improve the performance of an existing security measure. after that
Contact PMV Security Group today for a consultation on penetration tests. so
Think you have what it takes to be a penetration tester or security auditor? Check out our open positions or send us your CV. so