We recognise ALL vulnerabilities. So, as well as testing your IT, we will look for other vulnerabilities as identified in our PIP model – people and processes/physical.
We can execute an array of information technology tests. We can look at vulnerabilities in web applications and websites. We can test compliance and review your source code.
Crucially though, we can also test your people, processes and premises. Think of it this way: locking down your IT is not good enough if your employees leave the key in the front door. We use our Cyber Security Behavioural Model to identify issues such as susceptibility to social engineering, risky behaviours and insider threats.
All of our testing is tailored to your personal purpose and nature of your applications. At MetrixCloud, we believe that our experienced and intelligent approach, which has been tested and improved throughout the years, provides more accurate results than automated software. Initially we test anonymously in order to gain a perspective to find out where there are opportunities for attacks, revealing the typical misconfigurations and issues such as SQL injections and cross-site scripting.
All found vulnerabilities are verified to remove false positives and exploited to demonstrate the real impact of an attack and risks. We scan underlying web server platform flaws that may not be first apparent at the application layer.
MetrixCloud’s vulnerability assessments are designed to test your internal and external infrastructure in order to protect you from known exposures and vulnerabilities.
- Internal Assessment Testing provides an organisation with a review of its security conducted through the eye of an internal user, a temporary worker, or an individual that has physical access to the organisation’s buildings.
- External Assessment Testing provides an organisation with a review of its IT infrastructure conducted through the eye of an internet user.
- Consultancy-Led Vulnerability Assessments – All of our engagements commence through strategic scoping so we are able to fully understand your own personal requirements and testing objectives.
- Automated Vulnerability Assessments – we deliver automated vulnerability assessment services through both web based portals and appliances.
- Tailored Vulnerability Assessment Reports – we will work with you to build a bespoke solution to ensure all of your company requirements are met. The reports that will be issued will be both technical and in plain language so when they are delivered to the Board, your company’s cyber vulnerabilities can be understood and then actioned.
Some people in your organisation are more vulnerable than others. Front-line staff such as reception and customer services are obvious targets for hackers. Senior employees and specialist IT roles have information that cyber criminals are looking for.
We can undertake penetration tests (social engineering and risky behaviours), conduct risk profiles, perform behavioural audits and provide advice to ensure that your organisation has a more robust defence – a human firewall.
Our social engineering and risky behaviour investigations not only highlight potential people vulnerabilities, they may also expose weaknesses in your processes and physical aspects such as your premises. For example, official procedures may have become informal with exceptions creeping in over time that can be exploited. Processes may not follow guidelines such as General Data Protection Regulations (GDPR).
As with people investigations, we can supply Learning & Consultancy to embed necessary changes within your organisation. For example, we can provide advice to reduce risky behaviours that social engineering preys upon.