White Oak Security is able to identify critical network vulnerabilities and provide guidance in remediating these important risks
Your organization’s network security is paramount to protecting your customer and employee data along with your intellectual property. Although your network team has likely been focused on security for years, malicious actors have not stopped innovating and adapting, and it remains critical that both your internal and external network environments undergo penetration testing for both security and compliance assurance.
White Oak Security utilizes cutting edge tools and manual techniques paired with years of industry experience to uncover weaknesses in your organization’s network security. Our approach addresses both security and compliance issues and we will work with you and your team to prioritize issues and identify the most effective and efficient manner of remediation.
Our team's standard testing process for both internal and external penetration testing exceeds requirements for all relevant compliance requirements including PCI. As with applications, White Oak is able to provide ongoing testing programs to address requirements like PCI DSS Requirement 11.3.
External Penetration Testing
An external penetration test on networks and host systems is critical for testing your first line of defense. An External Penetration Test consists of vulnerability scanning of targeted systems, automated and manual identification of remote OS and system-based vulnerabilities within target systems.
Our External Penetration Testing process follows the Penetration Testing Execution Standard (PTES) Guidelines. This is a well-accepted standard that ensures that the infrastructure testing is thorough and follows industry standards.
Internal Penetration Testing
An internal penetration test on networks and host systems is extremely important for testing the security of your internal network, including segmentation testing for compliance with PCI requirement 11.3. An Internal Penetration Test consists of vulnerability scanning of targeted systems, automated and manual identification of remote OS and system-based vulnerabilities within target systems.
Careful handling of tools and manual testing techniques is very important with internal testing as experience is required to ensure that no internal services are impacted during testing.
Our Internal Penetration Testing process also follows the Penetration Testing Execution Standard (PTES) Guidelines.
PCI Penetration Testing
Although our standard External Penetration Testing and Internal Penetration Testing services cover PCI requirements, in some cases our clients' require PCI-specific internal segmentation testing. White Oak certainly provides this type of testing for clients and this can be included as part of any Internal Penetration Testing or as a separate engagement.
With the most recent changes to PCI testing requirements our clients' often ask us to provide this testing on a 6-month schedule and to incorporate this testing into a broader Internal Penetration Testing program.