Vulnerability testing and assessment

We are experts in social engineering, and are called upon regularly to advise, train and test organizations on social engineering vulnerabilities. When we use social engineering in our physical and technical vulnerability tests, Burtelson has a 100% success rate.


What is vulnerability testing, and why you need it


Vulnerability testing, also called penetration testing, takes place when an organization utilizes the services of a trusted and expert cyber security company to test systems and simulate attacks that can and likely will occur against your infrastructure, your data and your people. Such testing will provide you with a comprehensive analysis of your security vulnerabilities, and will allow us to work with your organization to create or revise your policies and procedures as they relate to your security. Security is not "one size fits all" and you can't get it in a box. We ask tough questions and find solutions. We combine security strategy, engineering and knowledge to target threat vulnerabilities that could wipe out your infrastructure.


There is one universal way to prevent the cyber attacker from being successful: think like a cyber attacker.


News headlines tend to highlight wide-scale attacks against large enterprises, spectacular attacks that hit millions of customers. But most attacks actually target small and mid-size businesses. And in relative terms, these attacks are often much more costly to smaller targets.


Cyber attacks are implemented against both specific and random organizations, services, and individuals to obtain private, technical and institutional information, and other intellectual assets for the purpose of vandalism or monetary gain. Healthcare organizations are particularly targeted for financial and patient information.


Cyber attacks against healthcare organizations rose 31 percent in 2013 versus 2012, making them the fastest-growing group of targets.


Your data is valuable, and your most sensitive information is at risk. And you likely have ties to bigger, high-profile business partners (think your financial institution, vendors, etc.) Given that today's advanced attacks can easily bybass most security tools, you may have been breached and not even know it.


It's true that only by assuming you're in the crosshairs of cyber attackers can you better prepare yourself against the inevitable attack.


Why we're one of the best at vulnerability testing


We have extensive experience and knowledge of vulnerability testing, and the tools and technology to achieve the best results. Unlike vulnerability testing and assessments provided by other companies, we gain detailed information and knowledge of your organization, people, data systems and infrastructure. We do not rely on automated information from auto-scanning tools, which only reveal about 15% of your vulnerabilities. We manually scan your systems, and then we customize exploits based on weaknesses found in your infrastructure and systems. We are experts in social engineering, and are called upon regularly to advise companies on social engineering vulnerabilities. When we use technical social engineering exploits, Burtelson teams have a 100% success rate.


Our testing process simulates the attacks that you can expect from actual criminal hackers. We conduct our assessments, testing and simulated attacks in a way that  is non-intrusive; most employees aren't even aware of our presence. This is how it happens in the real world when criminal hackers are accessing your systems.



Types of vulnerability testing we provide


The following list includes the areas of assessment and testing in which we work:


         Social Engineering—Social engineering attacks are the most serious threats against you. During social

            engineering penetration testing, you will understand how your people are prone to bad decisions, and

            can be easily manipulated and convinced to had over the "keys to the mint." Social engineering attacks

            are among the most difficult attacks to defend against.


         External Network—External network penetration testing scans your systems against threats from outside,

            using a public network, and gathers information and performs exploits from outside the perimeter of

            your network.


         Internal Network—Internal network penetration testing simulates attacks to your system or network from

            within your walls. Our team assumes the role of a malicious and knowledgeable insider with legitimate

            access to your network. We simulate threats that could come from a rogue employee, malware, internal

            hackers, or thieves who have successfully bypassed your physical security and are now hacking you from

            the inside.


         Physical—After physical penetration testing, you will learn real threats to your organization's physical

            security, and realize the potential for an intruder to enter a secure facility or restricted area.


         Wireless—Wireless penetration testing identifies and exploits vulnerabilities in your wireless environment.


         Telecommunication and VoIP—Public Switched Telephone Networks (PSTN) and Voice over IP (VoIP) penetration

            testing analyzes the security of your phone systems. VoIP networks are increasingly popular, as they reduce

            costs, improve quality and simplify management. However, they have addition risks such as call tracking,

            call data manipulation, listening capabilities and unauthorized wiretapping. Our team assesses authentication

            mechanisms, and the potential for interception or manipulation for conversations within your telecommunications



         Applications—Application penetration testing ensures application security. This testing plays a critical role

            to harden any application against potential attacks. Until you undergo simulated attacks that are like a

            thief trying to steal your information, or a saboteur who wants to erase you and bring you down, you won't

            know how well, or even if, your organization will survive a targeted attack.




© 2019 Burtelson Security Labs, Inc.

  Burtelson Security | (312) 561-3101