Penetration Testing

CUProtect™ Penetration Testing service is designed to help you understand the real business impact of your information security posture and practices.

About CUProtect™ Penetration Testing
During a CUProtect™ Penetration Test, MSI information security experts "attack" your network in the same manner a "hacker" or someone with malicious intent would.

If access to systems is obtained, the MSI team will continue to leverage that access to delve deeper and deeper into the infrastructure of the site. The team will map, document, and exploit resources exposed to them as they focus on the very core of the organization.

Each step of the penetration testing process is handled with the utmost care for the client’s systems and their data. MSI offers very granular service options, allowing you to define attack strength and out-of-bounds areas as you see fit. MSI keeps you continually advised as to the status of the exercise and you are free to stop the exercise at any point.

Service Deliverables
The results of your CUProtect™ Penetration Test provide a foundational view of your security posture and deliver the necessary mitigation strategies you need to move forward.

Deliverables include an executive summary that expresses your business risk using MSI's unique Weighted Business Risk, a technical manager's summary that details the technical nature of the risk and it's seriousness, and a full technical details report that includes findings and mitigation strategies in full detail.

For NCUA insured credit unions, MSI reports are formatted in a manner that is expected by auditors, and easy for executives, the board, or responsible comittees to digest.

CUProtect™ Penetration Testing Differentiators :

Technical Excellence
CUProtect™ Penetration Testing uses two key technical differentiators. The first difference you'll appreciate in our testing is our service methodology. MSI's Penetration Testing methodology was developed for use in very sensitive network environments. MSI can now leverage this experience and deliver our superior methodololgy as part of your SecureAssure Penetration Test.

MSI's Distributed Assessment Platform (DAP) allows your testing to be more thorough than any other similar service. DAP's proprietary correlation database also removes more "false positive" results than traditional testing services, resulting in a more accurate view of your security posture, and a stronger mitigation strategy.

Expert Involvement
Because our methodology was designed for use in top-secret networks, MSI Penetration Testing is also more manual than any other testing service. MSI always assigns two senior security experts to each engagement to perform testing. Lower level technicians play only minor roles in service delivery.

Value-Added Service Features :

At no additional charge, MSI offers our clients two additional features, Network Device Review and Threat Intelligence and Notification services.

Network Device Review
At the completion of your testing the MSI security team will review the rulesets of one network device critical to the security of your network, like a firewall or intrusion detection system. MSI will review the ruleset for any possible configureation errors or performance inhibiting issues.

Threat Intelligence and Notification services.
At the vulnerability assessment phase of your penetration test, MSI will capture and store the information gathered on the hosts we examined on your network. For a year after your testing, MSI will monitor emerging and existing Internet threats, vulnerabilities and exploits - notifying you when a threat or attack appears that could affect your systems. Included in this notification is a mitigation strategy for your systems.

CUProtect™ Penetration Testing Options :

Service Options include: Dial-UP/RAS testing, Wireless testing, and Social Engineering. Testing parameters are exteremely granular, allowing you to decide how in-depth your testing will be.