CNS Hut3 - The Penetration Testing Experts
At CNS Hut3 we're experts in performing and managing external penetration testing on behalf of our clients. We help evaluate and manage the risk of external attacks through a simple, clearly defined process.
There is more information about our penetration testing services below, however if you'd like to have a chat with one of our experts feel free to call us on or get in touch online.
Next Generation Penetration Testing
CNS Hut3 Next Generation Penetration Testing combines and enhances all the positives of Manual Penetration Testing and Automated Vulnerability Scanning, eliminates any of the negatives of both then layers effective remediation management (facilitated by the Hut3 Risk Profiling Algorithm) over the top. The service is an on-going Dynamic service that provides compelling perimeter monitoring using our continuous testing services
Here at Hut3 we've performed tens of thousands of Penetration Tests over the years and we've seen it all. What we see a lot is clients not getting the most out of their Penetration Testing or Vulnerability Scanning.
Common Issues solved by Next Generation Penetration Testing
- Issues & vulnerabilities repeat every year
- Resolved issues reappear every year
- In remediation there is a clear disconnection between Application and Server Team - e.g Server Builds
- Reports identify too many issues - remediation time is spent chasing relatively low level risks, not dealing with the root cause.
- Tests/ Scans are not a realistic attack - its not what hackers would do.
- Reports provide an objective view of the risks, value of data and assets. It is Pen Tester Centric not the client view.
- Customer has limited resources which need to be spent in the most efficient manner.
- Current test reports individual vulnerabilities and doesn't group or categorise them.
- Often it takes 12 months (with change cycles) to fix things.
- Lots of things changing all the time - vulnerabilities, Network, Apps, IP ranges etc.
- New vulnerabilities are found in each test so effectively the results be dramatically out of date very quickly.
- Reports are about individual vulnerabilities not overall risk
- Risk is about something bad happening, not a technical issue.
Next Generation Penetration Testing is about giving the client context for the risks associated to the vulnerabilities found either individually, collectively or specifically to a host, data set or system. Using the CNS Hut3 Risk Profiling Algorithm, customer-centric risk factors, industry information and the CNS Hut3 Cyber Intelligence Network
we are able to identify and priortise where the clients precious resources should be sent in order to get maximum risk reduction for minimum effort.