Penetration Testing (PenTesting)

Our custom-tailored Penetration Testing service is specifically designed to support the Asset Management industry (regulated and unregulated) with key focus on anticipated financial industry threats. Completed within 2-3 weeks, this streamlined technical security testing process perfectly complements a cyber program evaluation while providing exceptional operational value. A key differentiator of our service is that we will comprehensively test your entire external and internal infrastructure.

Certified Professionals:

  • Our engineers are OSCP, CISSP, C|EH, QSA, GSEC, GCIH, GWAPT, and Security+ certified.

Compliance Requirements Include:

  • Our methodology satisfies NIST, PCI, HIPAA, FISMA, ISO 27001, GLBA/FFIEC, CIP Top 20, SEC, FINRA, CFTC, and NY DFS NYCRR500 requirements.

Types of Penetration Testing Offered:

  • External Penetration Test
  • Internal Penetration Test
  • Wireless Penetration Test
  • Social Engineering Assessment
  • Web Application Testing (WAT)
  • Vulnerability Assessment
  • Mitigation Validation Retesting

Vulnerability Assessment

A security testing process where our assessment team defines, identifies, classifies, and prioritizes vulnerabilities (e.g., weaknesses) within an organization’s network and assets. Key objective is to provide the organization the necessary knowledge, awareness, and risk background to understand the threats to its environment and react appropriately.  This testing process will also identify the health of your enterprise software patching and upgrades.

Mitigation Validation Retesting

As an add-on to PenTests, Vulnerability Assessments, or Web Application Testing, BW Cyber’s assessment team can conduct an additional phase of security testing once your organization’s IT support team has addressed initial findings. This extra round of testing ensures that none of the risks remain within the environment. This will help the organization be assured key concerns have been mitigated. Upon completion of the Mitigation Validation testing, the Security Assessment Report will be updated to show only the weaknesses which persist in the system.

Web Application Testing (WAT)

Web Application Testing is an ethical attack simulation that is intended to expose the effectiveness of a website’s security controls. In this assessment, BW Cyber’s team will highlight risks posed by actual exploitable vulnerabilities in a website.

Cloud Hygiene Assessment

Generally cyber hygiene is determined as the means to appropriately protect and maintain IT systems while implementing cyber security best practices. With the mass migration to public cloud services, organizations often do not appropriately ensure the data processed and stored in the cloud solutions is adequately protected. Misconfiguration of cloud environments can put your data at risk and further may your organization may not be in compliant with regulatory requirements and expectations.

If your organization processes or stores data in cloud-based environments (e.g., Microsoft O365 & Azure, Google G Suite, Amazon AWS, etc.), a Cloud Hygiene Assessment will validate how sensitive information is protected. BW Cyber’s specialists will perform a review of critical safeguards such as:

  • Access Control
  • Auditing
  • File/folder Permissions
  • File/folder Sharing
  • Filtering
  • 3rd Party Application Integrations
  • Data Retention
  • and others.

Upon completion, your organization will have explicit recommendations to consider implementing that will further protect the data you have processed and stored in a cloud environment.

Answer These 7 Questions to Ensure Your Workforce is Protected