Here at ThreatPoint, we provide many services to protect businesses from a large number of security issues, ranging from IP, device and email reputation to secure website hosting and IT consultancy.
One of the challenges we come across frequently is one that faces many businesses: simply not knowing about an issue until it’s too late. The data has left the building!
Telltale signs are often there: poor website and server performance, high spam rates, strange redirects, a spike in phishing emails, services going offline frequently.
Sometimes though, no indicators are present. Often a business can be compromised, data extracted and they are none the wiser.
Therefore one of the most important undertakings for any website or service is to assess the security on a periodic basis. The last thing any business or consumer needs is a site or service that is not secured properly.
That is a situation that can be damaging for all parties and in some instances result in fines and brand damage for the business.
We can begin by asking simple questions such as:
- How do you know if your website is secure?
- Is the data in the database secure?
- Are the permissions of the file server secure?
- Are there any known software issues, exploits or backdoors?
- If it’s hosted and you pay for the service, has security ever been mentioned?
- Does the site/service store individuals’ personal information, and can you attest that it is secured to meet the requirements set out in industry regulations?
The list goes on!
Assessing security of websites for issues and vulnerabilities is a remote service offered by the ThreatPoint UK consultancy team.
Referred to as a Penetration Test (PenTest), the assessment attempts to shine a spotlight on issues with a service or site using a range of techniques, typically ones that are well known and used by attackers, simulating real-world attacks.
Additional posture assessment of services is performed, checking for issues with software versions, credential access, lateral movement, file system access and poor endpoint protection.
Depending on the coverage required, the PenTest can focus on individual sites or a range of infrastructure including network devices, file servers, domain servers and others.
The ThreatPoint team consists of experts from a wide range of security and identity fraud backgrounds, including those who have worked for the well-known pen testing software companies.
By combining these skills with decades of security experience and a combination of open source and commercial products, security and vulnerability issues can be highlighted quickly.
Following the initial pen testing engagement, a report is produced for the customer, highlighting the issues that need attention.
Ranked by criticality, with advice on how to mitigate and resolve, the report allows owners of the service to focus on the issues that matter.
Timing of any pen test is important. Critical services and business websites need to be available to suit the business needs. The pen test engagement will be run during the hours that work for the business, to ensure services are available when needed. Typically the ThreatPoint team conduct pen tests throughout the night and early morning to reduce the impact of any issues.
PenTests are not just for large companies; even businesses with single installations should engage and request site assessments, if not full-blown pen tests. Your site may benefit from a simple assessment of your WordPress or Magento site, for example.
Such an assessment can be performed quickly and effectively, highlighting issues and providing recommendations to solve the issues.
Going beyond simple scans, the assessments include acting as typical attackers do: information gathering (passive), attempting to establish a foothold, escalating and moving laterally (if applicable).
Our tests are designed to give you a full understanding of any issues including data leakage through normal web channels.
Not all of these tests are appropriate for every service; we would provide a rundown of the items to be tested before engaging. We require consent from the business before undertaking any engagement.
Like anything in the security world, PenTesting and service assessment is not a one-time thing. Software exploits and issues are developed and discovered every day. Service assessment should become part of the routine for any website or service, especially if the site and services are handling sensitive personal information. We recommend a six-month assessment check and provide flexible pricing to suit.
Our PenTesting and site assessments are broken into three packages from individual sites to a larger number:
- Individual Web Sites – £200 per Site
- Minimum of 5 Web Sites – £150 per site
- Minimum of 10 Web Sites – £100 per site
- Networking Equipment, Servers – £50 per device
If periodic assessments are preferred, the cost is reduced:
- Individual Web Sites – £150 per site
- Minimum of 5 Web Sites – £100 per site
- Minimum of 10 Web Sites – £75 per site
- Networking Equipment, Servers – £40 per device
Often a PenTest is used to highlight issues across the whole stack. Additionally, more and more customers are turning to us after seeing issues with WordPress sites (maybe poor performance as a result of malicious access attempts) or simply to make sure they are not at risk from poorly secured offerings bought as part of a hosted package.
Does the incumbent host really care about making sure your site is secure?
A site assessment is a great way of showing where you stand, and where improvements could be made.
The major benefit of undertaking a service assessment with ThreatPoint is knowing that any issues will be discovered and mitigation or solutions recommended.
ThreatPoint can then provide the assistance to resolve them if needed, allowing the security of your site to be handled and maintained by experts who care.
Passing the security assessment of your sites and services to the ThreatPoint team is one less thing to worry about.
Please get in touch for more details – we would be delighted to assist.