Penetration TestingReal world testing, real results
Organizations today often depend on multiple types of networks including wireless, Ethernet, and Wide Area Networks (WANs). Every additional layer adds complexity and potential security weaknesses. On top of that, web applications and services are likely critical to your mission and may be vulnerable to attackers or provide a gateway to your internal systems. A security breach can cause irreparable damage to your reputation, loss of business, and incur costly financial penalties. Active third party testing by Aerstone can identify weaknesses in your internal or external network infrastructure to prevent breaches from occurring.
Aerstone’ pentesting services are customized and tailored to meet your needs, working with you to define the scope and intensity of the testing. Business and technical experts are assigned to each engagement. This combination provides a unique view of business risks stemming from technical vulnerabilities. Experts review vulnerabilities and assist you in determining the appropriate countermeasures specific to your business environment. Our transparent testing methodology also helps alleviate fears about the testing process; and plain English explanations help non-technical managers feel comfortable with the issues at hand. More than just a “hacker’s eye view,” the Aerstone test team has conducted hundreds of penetration testing engagements in all kinds of environments, and under many different conditions. Aerstone offers full assessments and periodic “check-ups” to identify changes, evaluate new network systems, and profile emerging threats.
Aerstone’s team of penetration testers uses a combination of commercial, open source, and proprietary technologies; investigative intelligence gathering; and hands-on testing techniques — just as a malicious hacker would, to simulate an attack on your networks. We have also developed a customized pentesting device: AerStrike™. This dual-homed VPN device includes a full suite of penetration testing software, and may be deployed to a customer’s network to support remote testing engagements. AerStrike™ supports both on-device and network pass-through testing, as well as both wired and wireless connectivity. For more information on AerStrike™, click here — or download the product sheet.
Aerstone also has the ability to participate in planned attack exercises, including Red Team and Blue Team events:
In a Red Team exercise, Aerstone pentesters will attempt to penetrate an organization’s cyberdefenses, within the boundaries of agreed Rules of Engagement. These attacks are typically time-boxed, and may be conducted either with our without the knowledge of your organization’s IT staff. Attack techniques may include advanced capabilities such as zero-day exploits, social engineering, and phishing attacks. Red Team exercises end when time expires, or the network/application is fully compromised. A thorough management debrief follows all Red Team engagements.
In a Blue Team exercise, Aerstone pentesters will temporarily augment your security and network staff, in order to test the internal security posture of your network and applications. Again within the boundaries of agreed Rules of Engagement, our pentesters will test your cyberdefenses from inside your organization. Blue Team exercises may be conducted either with our without the knowledge of your organization’s IT staff, and may reveal important weaknesses with regard to insider threats or security event monitoring. A thorough debrief follows all Red Team engagements.
Our Experience Sets Us Apart
Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business. We
approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and commercial sectors.
Contact our sales team at firstname.lastname@example.org for more information.