Penetration Testing

Real world testing, real results

 

Complex Challenges

Organizations today often depend on multiple types of networks including wireless, Ethernet, and Wide Area Networks (WANs). Every additional layer adds complexity and potential security weaknesses. Active third party testing by Aerstone can help identify security gaps in your internal and external network infrastructure. A security breach can cause irreparable damage to your reputation, loss of business, and incur costly financial penalties. Aerstone can design customized solutions for your environment to prevent these breaches from occurring.

Proactive Security

Pentesting

Pentesting Lifecycle

Aerstone’s pentesting services are customized and tailored to meet your needs, working with you to define the scope and intensity of the testing. Business and technical experts are assigned to each engagement. This combination provides a unique view of business risks stemming from technical vulnerabilities. Experts review vulnerabilities and assist you in determining the appropriate countermeasures specific to your business environment. Our transparent testing methodology also helps alleviate fears about the testing process; and plain English explanations help non-technical managers feel comfortable with the issues at hand. More than just a “hacker’s eye view,” the Aerstone test team has conducted hundreds of penetration testing engagements in all kinds of environments, and under many different conditions. Aerstone offers full assessments and periodic “check-ups” to identify changes, evaluate new network systems, and profile emerging threats. Unlike our competitors, Aerstone maps its technical assessments to industry standards, including National Institute of Standards and Technology controls, Payment Card Industry controls, and others, ensuring that both your technologists and executives completely understand the vulnerability and risk.

Expert Guidance

The Aerstone Test Team is composed of a mix of expertise and experience in IT security, all dedicated to security assessment projects and engagements. Team members maintain industry certifications in security including CISSP, C|EH, OSCP, GPEN, and GCFE, and undergo annual training to stay current with the latest tools and techniques employed by security professionals. Aerstone is committed to bringing the highest quality assessments and training to our customers, helping your organization avoid being a victim of application attacks now and in the future.

Coordinated Testing

Aerstone also has the ability to participate in planned attack exercises, including Red Team and Blue Team events:

  • In a Red Team exercise, Aerstone pentesters will attempt to penetrate an organization’s cyberdefenses, within the boundaries of agreed Rules of Engagement. These attacks are typically time-boxed, and may be conducted either with our without the knowledge of your organization’s IT staff. Attack techniques may include advanced capabilities such as zero-day exploits, social engineering, and phishing attacks. Red Team exercises end when time expires, or the network/application is fully compromised. A thorough management debrief follows all Red Team engagements.
  • In a Blue Team exercise, Aerstone pentesters will temporarily augment your security and network staff, in order to test the internal security posture of your network and applications. Again within the boundaries of agreed Rules of Engagement, our pentesters will test your cyberdefenses from inside your organization. Blue Team exercises may be conducted either with our without the knowledge of your organization’s IT staff, and may reveal important weaknesses with regard to insider threats or security event monitoring. A thorough debrief follows all Red Team engagements.

Advanced Toolsets

Aerstone’s team of penetration testers uses a combination of commercial, open source, and proprietary technologies; investigative intelligence gathering; and hands-on testing techniques — just as a malicious hacker would, to simulate an attack on your networks.

AerStrike™

Aerstone has developed a customized dual-homed VPN-enabled pentesting device, which comes loaded with our full suite of penetration testing software. This device, which may be deployed to a customer’s network to support remote testing engagements, allows Aerstone's testers to securely test your network without having to be physically present on-site. AerStrike™ supports both on-device and network pass-through testing, as well as both wired and wireless connectivity.

For more information click here, or download the product sheet.

NSCAP Certified

Aerstone is an accredited vulnerability assessor under the NSA's NSCAP VAS program -- one of just five companies nationally to achieve this status.

Services By Type

Assess

Enhance

Sustain

Services By Environment

Commercial

Government/Military

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with
security professionals across the military, intelligence community, civilian government, and private industry.

Contact our sales team at sales@aerstone.com for more information.