Kaspersky Penetration Testing
Practical demonstration of potential attack vectors that could bypass your security controls

Kaspersky Penetration Testing

Get a Quote!

Overview

Ensuring that your IT infrastructure is fully secured against potential cyberattack is an ongoing challenge for any organization, but even more so for large enterprises with perhaps thousands of employees, hundreds of information systems, and multiple locations worldwide.

Penetration testing is a practical demonstration of possible attack scenarios where a malicious actor may attempt to bypass security controls in your corporate network to obtain high privileges in important systems. Kaspersky’s Penetration Testing gives you a greater understanding of security flaws in your infrastructure, revealing vulnerabilities, analyzing the possible consequences of different forms of attack, evaluating the effectiveness of your current security measures and suggesting remedial actions and improvements.

This service provides you with information on the existing vulnerabilities, consequences of their exploitation, evaluates the effectiveness of implemented security measures, and enables you to plan further actions to fix detected flaws and improve security. You may also need a penetration testing service if your organization needs to comply with certain security standards that require regular security assessments, such as PCI DSS.

Service Scope and Options

Depending on your needs and your IT infrastructure, you may choose to employ any or all of these Services:

External penetration testing

A security assessment carried out from outside the company's environment without any preliminary knowledge of your systems.

Internal penetration testing

A security assessment that simulates an internal attacker, for instance a visitor with only physical access to your office, or a contractor with limited access to certain systems.

Social engineering testing

An assessment of your staff’s security awareness that emulates social engineering attacks like phishing, pseudo-malicious links in emails, suspicious attachments, etc.

Wireless networks security assessment

Kaspersky experts will visit your site and analyze Wi-Fi security controls.

You can include any part of your IT infrastructure into the scope of penetration testing, but we strongly recommend you consider the whole network or its largest segments, as test results are always more worthwhile when our experts are working under the same conditions as a potential intruder.

Penetration Testing Services

Penetration Testing from Kaspersky helps you and your organization to:

Identify the weakest points in your network, so you can make fully informed decisions about where best to focus your attention and budget in order to mitigate future risk.
Avoid financial, operational and reputational losses caused by cyber-attacks by preventing these attacks from ever happening through proactively detecting and fixing vulnerabilities.
Comply with government, industry or internal corporate standards that require this form of security assessment (for example Payment Card Industry Data Security Standard (PCI DSS)).

About kaspersky’s Approach to Penetration Testing

While penetration testing emulates genuine hacker attacks, these tests are tightly controlled; performed by Kaspersky security experts with full regard to your systems’ confidentiality, integrity and availability, and in strict adherence to international standards and best practices including:

Penetration Testing Execution Standard (PTES)
NIST Special Publications 800-115 Technical Guide to Information Security Testing and Assessment
Open Source Security Testing Methodology Manual (OSSTMM)
Information Systems Security Assessment Framework (ISSAF)
Web Application Security Consortium (WASC) Threat Classification
Open Web Application Security Project (OWASP) Testing Guide
Common Vulnerability Scoring System (CVSS)

Project team members are experienced professionals with a deep, current practical knowledge of this field, acknowledged as security advisors by industry leaders including Oracle, Google, Apple, Microsoft, Facebook, PayPal, Siemens and SAP.

Delivery Options

Depending on the type of security assessment service, your systems specifics and working practices, security assessment services can be provided remotely or onsite. Most services can be performed remotely, and internal penetration testing can even be performed through VPN access, while some services (like wireless networks security assessment) require an onsite presence.

Results

The Service is designed to reveal security shortcomings which could be exploited to gain unauthorized access to critical network components. These could include:

Vulnerable network architecture, insufficient network protection
Vulnerabilities leading to network traffic interception and redirection
Insufficient authentication and authorization in different services
Weak user credentials
Configuration flaws, including excessive user privileges
Vulnerabilities caused by errors in application code (code injections, path traversal, client-side vulnerabilities, etc.)
Vulnerabilities caused by usage of outdated hardware and software versions without latest security updates
Information disclosure

Results are given in a final report including detailed technical information on the testing process, results, vulnerabilities revealed and recommendations for remediation, as well as an executive summary outlining test results and illustrating attack vectors. Videos and presentations for your technical team or top management can also be provided if required.

Use Cases

Practical demonstration of real attack scenarios

Understand the weakest spots of the network and focus on the security processes improvement
Avoid financial, operational and reputational loss by proactively detecting and fixing vulnerabilities
Comply with government, industry and internal corporate standards, including GDPR

Strict adherence to international laws and best practices

The confidentiality, integrity and availability of your systems is our top priority
All risky checks are negotiated prior service execution
Confidential data is encrypted

Recommendations from professionals in practical security

Only highly skilled specialists participate in projects
Deep background checks and probation period for all personnel
Adhering to the four-eyes principle for extra transparency
Quality assurance on all stages

Documentation

Download the Kaspersky Penetration Testing Datasheet (PDF).

Pricing Notes:

Pricing and product availability subject to change without notice.

Call a Specialist Today! 844-356-5142

Kaspersky Penetration Testing Practical demonstration of potential attack vectors that could bypass your security controls