Penetration Testing

Without thorough penetration testing, you won’t be able to find and fix holes in your cyber security

Find out if your cyber security can withstand
the latest attacks

Cyber threats are always evolving and that’s why even the most robust cyber security system starts to show vulnerabilities and exploits over time. Without a regular assessment of your security solutions, you won’t realize where these vulnerabilities develop and thus, your network will be exposed to more sophisticated cyber threats. With regular penetration testing by CloudCoCo, your cyber security’s vulnerabilities will be found and patched immediately.

Our experienced security consultants simulate extremely realistic attacks that try to exploit your cyber defences from every attack vector. We will pinpoint security flaws and patch them immediately and through a combination of internal and external vulnerability scanning that fits your schedule and environment. Cyber security is a continuous process so we’ll keep monitoring your systems and inform you if immediate action is necessary.

Penetration Testing as a Service (PTaaS)

A company’s Security Posture is constantly changing in line with the evolving risks faced by multiple sources. A traditional Penetration Test is very much a point in time assessment. It is time for the market to evolve and a new solution to be provided that meets the needs of the customer.

PTaaS advocates a continuous cycle of testing and remediation. It suggests that your security posture is always changing so in order to combat this moving target there must be an on-going program of testing, remediation and management. PTaaS is all about establishing a regime of automatic checks and monitoring so that even the smallest aspects of your eco-system are protected.

Advanced Monitoring Tools

CloudCoCo’s PTaaS service is a part of the same technology group of companies as RapidSpike, a market leader in providing advanced monitoring tools to many numerous clients worldwide. Every CloudCoCo customer will have a level of access to the following tools depending upon the level of service they have acquired.

Penetration-Testing
Category Description
Security Tools Scan the external perimeter of your network to check for any software or configuration vulnerabilities, receive an early warning of an impending security issue and obtain a list of networks to block to prevent it, or when JavaScript on your web application changes.
Ensure that your site has not been compromised and is available to users via the Google search engine.
Performance Tools Simulate and monitor real users from all around the world with our Synthetic Journey monitors. Track real user experience – traffic volume and page load speed – by country, browser & device.
Assurance Monitors Monitor for the expiry of your domain names, protect against Domain Hijacking and ensure you are notified of any changes to your WHOIS records. Get notified when close to expiry as well as if any changes occur to your SSL Certificate. Avoid losing traffic and damaging your business reputation by ensuring your domain redirection is configured properly.
Availability Tools Reliable and constant uptime monitoring for your entire platform – from server level to individual website pages. Monitor your API endpoints using our HTTP POST monitor, capable of sending a request body and matching the response against an expected value.
SEOMonitors Monitor industry leading SEO Statistics for your websites and determine their Search Engine rankings over time. Integrate with your Google Analytics account, enabling RapidSpike to collect and display key metrics such as user sessions and to be able to graph these with server response and page load times. Monitor the Alexa Traffic Ranking for your websites as a way of determining their popularity over time.

Secure Portal

SecurePortal is a key component of Penetration Testing as a Service (PtaaS), providing customers of CloudCoCo with a live cloud service to manage their penetration testing services and results.

CloudCoCo uses SecurePortal inorder to move away from the traditional delivery of PDF based reports, toward a more intelligence and secure process. Both vulnerability scanning and manual penetration testing services can be requested via the portal, target scopes submitted securely, and all results digitally presented in a way that can be interrogated, tracked, measured and easily exported.

Penetration-Testing4

Given that the threat landscape constantly evolves, SecurePortal automatically checks the National Vulnerability Database (NVD) and alerts the customer via SMS and/or email if any newly discovered vulnerability could affect their SecurePortal tracked assets. This enables customers to react quickly if a new threat is discovered, or a current vulnerability increases in severity.

Benefit Description
Manage Your Services Manage all automated and manual penetration tests from booking to report delivery, all in one two-factor secured and easy to use cloud service.
Interrogate Your Vulnerabilities Interrogate vulnerability information identified in both automated and manual penetration tests, viewing the results as ‘Vulnerability Centric’ or ‘Host Centric’, and filtering results by host and severity.
React Quickly To New Threats Submit sensitive assessment scopes, manage proposals, and upload MSAs quickly and securely via the online questionnaires, rather than via documents sent as email attachments.
Manage Your Proposals and Scopes Manage all automated and manual penetration tests from booking to report delivery, all in one two-factor secured and easy to use cloud service.
Export Your Date Export full or filtered vulnerability information in multiple formats including XML, CSV, JSON, PDF and TXT.
Stay Informed Receive alerts via email or SMS when the severity of a vulnerability affecting your assets officially changes.

Find and fix security vulnerabilities with regular penetration testing and frequent vulnerability scanning

CloudCoCo conducts penetration testing on:


Internal and External Hosts

Web Applications

Cloud Security

Wireless Network

Website Security

Social Engineering

FAQ

Our experts will simulate cyber attacks that test every aspect of your cyber defences. This includes probing your points of access, user credentials, networks and systems. Successful attacks will indicate flaws in the security system, which we will then fix accordingly.

Penetration testing should be done annually at the very least, to maintain regulatory compliance standards (Source: National Cyber Security Centre).