Abstract
Over the years, pen testing and vulnerability testing have become commodity services: many companies are more interested in being able to demonstrate that a test was performed than in looking at the details and becoming compliant under corporate policy, regulatory compliance law, and industry best practices. In a sense, one can see why price is often a consideration for these tests. The quality of each test is often determined solely by the quality of the tester performing it.
When looking for an organization to perform either a penetration test or a vulnerability assessment, or both, it is important to find one that leverages an industry-accepted framework that allows for a holistic or complete view of the infrastructure regardless of who is actually performing the tests. As in auditing in general, sustainable and repeatable results are a key indicator of a company that considers these types of tests a core competency.
360 GRC Solution
At 360 GRC Inc., our flagship product Manchester was designed specifically to locate configuration flaws that could be exploited by either internal or external attacks. The software looks at the configuration files themselves to locate potential risk areas and provides remediation plans to patch, if you will, these areas to reduce the overall risk exposure. In order to develop such a program that can locate incorrect configurations and missing configuration values, experts within the area of network and infrastructure security must be present on the team.
Using Manchester, or its sister cloud computing product iFixIT, in conjunction with subject matter expertise in SQL, Windows, Linux/UNIX, VMware, and general industry best practices sets us apart from our competition. As we use these same types of servers in a deployment architecture similar to that of many of our clients, we have been able to identify and remediate items quite quickly. While our entire staff does not participate in penetration/vulnerability testing, our collective backgrounds have contributed to a body of knowledge that far exceeds what one might typically find in even a larger company that performs similar tests. Because we rely on the OSSTMM model to help govern our "process," it is easy for our team to duplicate the attacks or vulnerabilities found during our engagement.
A security breach to your organization's computer systems may cause:
- Business disruption and unavailable services
- Leak of corporate and trade secrets
- Exposure of private customer data
- Financial penalties due to regulatory non-compliance
- Civil lawsuits
- Loss of client confidence
Regulators, shareholders, clients and business partners, as stakeholders, mandate that information systems have adequate internal controls and effectively address security challenges. Needless to say, a security breach can be very embarrassing and costly. Are you willing to allow your organization's systems to become the next easy target for hackers to attack and exploit?
Conclusion
The old saying "you get what you pay for" typically rings true in almost all cases. At 360 GRC, we are able to offer lower rates to our clients specifically because of our subject matter expertise. Our standard tester or "hacker" has over 20 years of experience in the IT world with at least 10 years of experience "hacking" in support of compliance law. This allows us to spend our time where key vulnerabilities are typically known to reside. This does not mean we skip over other areas, only that our time to identify and remediate is often 50% less than our competition, with a far superior deliverable created by 360 GRC Inc.
With a staff holding the industry's most sought-after certifications in addition to many vendor-specific (Microsoft, Oracle, etc.) certifications and training, you can rest assured that your infrastructure will be tested properly and thoroughly, with specific remediation items prepared and all contained in a single report. Please contact our sales team to help identify what needs to be tested, for what type of compliance, and the timeline it needs to be completed in. In most instances, 360 GRC testers can engage with about a week of lead time.
Our Staff
- Highly competent technical experts
- Cisco Certified Internetwork Experts
- Certified Information Systems Auditors
- Certified Information Security Managers
- Certified Ethical Hackers
- Certified Information Systems Security Professionals