Kaspersky Penetration Testing
Practical demonstration of potential attack vectors that could bypass your security controls
Ensuring that your IT infrastructure is fully secured against potential cyberattacks is an ongoing challenge for any organization, but even more so for large enterprises with perhaps thousands of employees, hundreds of information systems, and multiple locations worldwide.
Penetration testing is a practical demonstration of possible attack scenarios where a malicious actor may attempt to bypass security controls in your corporate network to obtain high privileges in important systems. Kaspersky’s Penetration Testing gives you a greater understanding of security flaws in your infrastructure, revealing vulnerabilities, analyzing the possible consequences of different forms of attack, evaluating the effectiveness of your current security measures and suggesting remedial actions and improvements.
This service provides you with information on existing vulnerabilities and the consequences of their exploitation, evaluates the effectiveness of implemented security measures, and enables you to plan further actions to fix detected flaws and improve security. You may also need a penetration testing service if your organization needs to comply with certain security standards that require regular security assessments, such as PCI DSS.
Service Scope and Options
Depending on your needs and your IT infrastructure, you may choose to employ any or all of these services:
External penetration testing
A security assessment carried out from outside the company's environment without any preliminary knowledge of your systems.
Internal penetration testing
A security assessment that simulates an internal attacker, for instance a visitor with only physical access to your office, or a contractor with limited access to certain systems.
Social engineering testing
An assessment of your staff’s security awareness that emulates social engineering attacks like phishing, pseudo-malicious links in emails, suspicious attachments, etc.
Wireless networks security assessment
Kaspersky experts will visit your site and analyze Wi-Fi security controls.
You can include any part of your IT infrastructure in the scope of penetration testing, but we strongly recommend you consider the whole network or its largest segments, as test results are always more worthwhile when our experts are working under the same conditions as a potential intruder.
Penetration Testing Services
Penetration Testing from Kaspersky helps you and your organization to:
- Identify the weakest points in your network, so you can make fully informed decisions about where best to focus your attention and budget in order to mitigate future risk.
- Avoid financial, operational and reputational losses caused by cyber-attacks by preventing these attacks from ever happening through proactively detecting and fixing vulnerabilities.
- Comply with government, industry or internal corporate standards that require this form of security assessment (for example Payment Card Industry Data Security Standard (PCI DSS)).
About Kaspersky’s Approach to Penetration Testing
While penetration testing emulates genuine hacker attacks, these tests are tightly controlled and performed by Kaspersky security experts with full regard to your systems’ confidentiality, integrity and availability, and in strict adherence to international standards and best practices including:
- Penetration Testing Execution Standard (PTES)
- NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment
- Open Source Security Testing Methodology Manual (OSSTMM)
- Information Systems Security Assessment Framework (ISSAF)
- Web Application Security Consortium (WASC) Threat Classification
- Open Web Application Security Project (OWASP) Testing Guide
- Common Vulnerability Scoring System (CVSS)
Project team members are experienced professionals with a deep, current practical knowledge of this field, acknowledged as security advisors by industry leaders including Oracle, Google, Apple, Microsoft, Facebook, PayPal, Siemens and SAP.
Depending on the type of security assessment service, your systems' specifics and working practices, security assessment services can be provided remotely or onsite. Most services can be performed remotely, and internal penetration testing can even be performed through VPN access, while some services (like wireless networks security assessment) require an onsite presence.
The Service is designed to reveal security shortcomings which could be exploited to gain unauthorized access to critical network components. These could include:
- Vulnerable network architecture, insufficient network protection
- Vulnerabilities leading to network traffic interception and redirection
- Insufficient authentication and authorization in different services
- Weak user credentials
- Configuration flaws, including excessive user privileges
- Vulnerabilities caused by errors in application code (code injections, path traversal, client-side vulnerabilities, etc.)
- Vulnerabilities caused by the use of outdated hardware and software versions without the latest security updates
- Information disclosure
Results are given in a final report including detailed technical information on the testing process, results, vulnerabilities revealed and recommendations for remediation, as well as an executive summary outlining test results and illustrating attack vectors. Videos and presentations for your technical team or top management can also be provided if required.
Practical demonstration of real attack scenarios
- Understand the weakest spots of the network and focus on improving security processes
- Avoid financial, operational and reputational loss by proactively detecting and fixing vulnerabilities
- Comply with government, industry and internal corporate standards, including GDPR
Strict adherence to international laws and best practices
- The confidentiality, integrity and availability of your systems is our top priority
- All risky checks are negotiated prior to service execution
- Confidential data is encrypted