“There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.” (John Chambers – CEO CISCO)
Going to Work for You
This service specializes in security assessments and penetration tests. The goal of each mission is to attack the in-scope infrastructure, using the same techniques used by real-world hackers. The results are summarized in a report, highlighting existing vulnerabilities, along with recommendations about how to reduce them, enhance intrusion detection, and make it harder for real attacks to succeed.
Key Benefits of the Service
Enterprise networks are typically attacked several times a day. Even with security counter-measures in place, the only real way to assess their effectiveness is with simulated attacks.
Historically, intrusion testing has focused mainly on vulnerability assessments, with no attention given to detection capability, nor to stealth attacks, where intruders try to hide and cover their tracks. The Excellium approach moves beyond these limitations. Each test scenario can be configured as required, with a focus on vulnerabilities, detection capability, target hardening, or any combination of all these. This allows us to simulate realistic attacks in ways which will properly test the weaknesses as well as the strengths of the client environment.
Good security depends not only on having the right product, but also on having the right processes.
An Excellium intrusion test mission is only successful when the client understands which attacks affected the target, agrees on the remediation plan, and knows how to implement the fixes.
From this point, the security team can help the client to prioritize remediation activites.
The benefits can be summarized by the following:
- Better understanding of the infrastructure weaknesses
- Learning about new attack techniques
- Cost estimate for remediation fixes
- Compliance
- Rating using standard references (OWASP, CVE, CWE)
- Governance updates and security roadmap
- Helping to align brand strategy with key objectives
- Customer retention: happy customers, repeat business
Our team features well-known security experts, including participants in internationally recognized security projects such as OWASP, Metasploit and MITRE.
We have created a number of tools to help us improve our simulations of real attacks. Among these are tools for phishing, malware distribution, reverse engineering mobile apps, and web browser assessment.
The tools are created in-house, and are not recognized by ordinary anti-malware systems.
Excellium has held PSF accreditation since 2016.
Our team works closely with our colleagues in other teams, especially network security, and incident response (CERT-XLM CSIRT). This allows us to keep up to date, and to offer an effective service, in an ever-changing landscape.
