What We Do
- Penetration Testing – Identify vulnerabilities in cloud, hybrid and on-premise environments
- Red, Blue, and Purple Team – Increasingly advanced risk assessments as organizations mature their security controls and detection methodologies
- Remediation support and validation of remediation actions
SecureSky Offensive Security Testing Attempts to Circumvent Security Controls to Identify Vulnerabilities and Determine Risk From Attacks
In performing manual penetration testing, SecureSky utilizes a proprietary methodology, incorporating the NIST SP800-115 Technical Testing Guide, the Open Source Security Testing Methodology Manual and Cloud Security Alliance standards, as well as extensive threat intelligence to simulate constantly evolving attack vectors. We closely monitor real-world malicious threats, understanding how attackers are changing tactics, techniques and procedures as organizations have shifted to the cloud.
As security controls are matured, SecureSky provides Red/Blue Team exercises, assessing an organization’s ability to deter and defend against multiple and advanced attack scenarios, and Purple Team exercises to determine if threat monitoring technologies are able to detect attack vectors.
SecureSky also provides post-testing support, to assist remediation teams and retest steps taken during remediation to determine their effectiveness, or need for additional actions.
SecureSky Penetration Testing Assessments Include:
- Real-world attack scenarios, often combining low-risk vulnerabilities, just as an attacker would
- Industry-leading commercial, open-source and proprietary tools
- Expert and experienced assessors in cloud, hybrid and on-premise environments
- Coordination with threat detection teams to determine threat monitoring effectiveness
- Detailed analysis of the root causes of vulnerabilities, to provide actionable strategic and tactical recommendations
- Remediation support and validation of fixes
- Design of increasingly advanced testing scenarios as security controls are matured
As companies migrate to hybrid or pure cloud environments, penetration testing services must evolve. Cloud tenant environments must also be tested, as attackers can gain persistence via several mechanisms, including changing configuration settings, accessing sensitive information, privilege escalation, or using a compromised environment as a launch point for additional attacks. Multi-cloud environments compound this complexity.
©2022 SecureSky, Inc. All rights reserved. SafetyNET, SecureSky, AdaptiveDefender and the SecureSky logo are marks of SecureSky, Inc. SecureSky U.S. Patent Nos. 8,347,391; 8,856,324; 9,021,574; 9,350,707; 9,787,713; 9,888,018; 10,015,239. Additional patents pending. Azure and Office 365 are registered trademarks of Microsoft.