Your organization has invested in intrusion detection/prevention systems, firewalls, anti-virus, anti-spam/spyware, training, etc. Penetration testing is the best way to evaluate how these investments work in concert to protect the systems that run your business.
BTB Security tests the security posture of your organization by attempting to gain access to your systems and data through exploitation of security vulnerabilities. The BTB Group performs the following types of tests:
- Technical testing of Internet-facing systems/devices (web sites, remote access, routers, firewalls, etc.)
- Social engineering of employees (phishing, phone calls, etc.)
- Technical testing of internal systems/devices
- Physical testing of facility security (data centers, buildings, secure areas, etc.)
Technical testing methods range from simple password guessing to complex buffer overflows or SQL injection. Social engineering and physical testing methods may include designing phishing emails and sites, calling help desk personnel, and piggy backing into an entryway. BTB Security chooses or designs the attack vectors needed to fit each unique environment that we encounter.
BTB Security consists of security experts that understand the architecture used in all sizes of organizations. We perform a logical, physical, and social analysis of the environment to identify security vulnerabilities. We not only leverage existing tools and techniques, we also develop many of the tools and techniques used to exploit vulnerabilities in your environment. BTB Security will help you understand how an attacker may target your information resources, employees, and facilities as well as how to defend your organization from these attacks.
Click here to download our Penetration Testing overview (PDF)
BTB Security was hired to perform penetration testing for a healthcare customer that included technical testing, social engineering, and physical controls testing. BTB identified weaknesses in the incident response capabilities and procedures by successfully staging phishing attacks that included gaining access to internal systems. BTB also was able to uncover problems with physical security controls by gaining access to facilities and sensitive information on paper, in file cabinets, and more. This customer was able to use the results to focus its budget and efforts in the right places.