Is your organization in need
of a Penetration Test?

Drummond and our team of highly qualified security professionals can help. We will identify the key threats to your organization, the assets that are at risk, and the malicious entities attempting to compromise them. Our team of experts employ a trusted methodology and advanced techniques to help identify and exploit network-layer and application-layers vulnerabilities, such as software and system configuration flaws, programming flaws, operational security gaps, and inadequate defensive technology.

Drummond’s methodology goes far beyond simply deploying automated tools and technology. It includes human intervention, expert knowledge, and manual exploitation allowing us to best simulate a real world attack. By implementing sophisticated penetration tests, you can confidently secure your data and your customers’ data from advanced persistent threats and malicious attacks.

When it comes to any of our Security and Penetration Testing engagements, we do not take a “one size fits all” approach. Drummond understands that every organization has unique technical environments, operational challenges, and varying levels of security program maturity. Whether you require a Penetration Test to be performed as a result of a compliance mandate, or you are following security best practices, we make sure to understand your organization’s goals, your technical environment, the critical assets to be protected, and the expected deliverables of the engagement.

The Penetration Test at its core includes the following:
• Vulnerability Assessment        • Exploitation

Additionally, the following services may also be included:
• Authenticated Scans/User Privilege Escalation • Password Cracking
• Network Security Architecture Assessment • Social Engineering
• VoIP Assessment • Wireless Assessment • Database Assessment
• Quarterly Vulnerability Scans

The results of the Penetration Test will include actionable recommendations to help guide and determine the appropriate management action and priorities for managing technical information security risks, and for implementing controls selected to protect against these risks. The process of assessing risks and selecting controls may need to be performed a number of times to cover different parts of the organization or individual information systems. Upon completion of a Penetration Test, you will be provided with a detailed report that includes an overall risk rating based on a proven and well-known threat vector analysis. The overall risk rating will take into consideration the vulnerabilities identified, systems impacted, vulnerability risk score, complexity of compromise, possible attack vectors, and remediation steps. The reports are designed to help your management understand the severity, ease, and business impact of exploitation.

Learn more about Penetration Testing

A penetration test, also known as a pen test, goes beyond simply identifying and validating vulnerabilities—it is a full, manual exploitation; one that mirrors a real-world attack. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.

Vulnerability Assessment

The vulnerability assessment consists of network host discovery, information gathering, scanning hosts at the network-layer and application-layer with industry-leading commercial tools in search of thousands of vulnerabilities, and expert-level analysis. The vulnerability assessment can also include various types of optional testing such as authenticated scanning, user privilege escalation, and password cracking.

Social Engineering

Measure end-user response to phishing, spear phishing, spam, and other email threats. Even the most effective layered technical security architecture simply isn’t enough to prevent the compromise of confidentiality, integrity, and availability no matter the threat vector. The term “social engineering” has been used for years by hackers to describe the technique of using persuasion and/or deception to gain access to information systems.

Physical Security

The process begins with a characterization of the facility including identification of the undesired events and the respective critical assets. Guidance for defining a design basis threat is included, as well as for using the definition of the threat to estimate the likelihood of adversary attack at a specific facility.

Reduce your risk today!

For more information about our penetration test solutions and services or to receive a quote, contact us.

Download the datasheet.

The People of Drummond
are here to help!

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.