Network Vulnerability Assessment & Penetration Testing
Get inside an adversary’s mind to see how they would exploit your business. Then beat them in their own game.
Scans only check for open doors. We walk in.
Here we don’t just run scans to find open doors in your network, we also run attack simulations to get inside.
Pentest experts, delivered.
Cadre gives you access to a team of highly-trained, specialized and experienced white hat hackers. Working with independent vulnerability and penetration testers, Cadre is able to provide unbiased guidance during your testing.
Backed by insurance.
In the event that you get hacked after a pentest, you have recourse. Our penetration testing partners carry two levels of insurance, business liability as well as professional liability.
Using an adversarial mindset, ethical hackers complete deep research into your network, crack it, then give you the blueprint. We can help you work backwards from the results to bolster existing protections.
Internal vs. External Penetration Testing
Assessments need to be as dynamic as the threats you face today. After Open-Source Intelligence Gathering & Reconnaissance (OSINT), we’ll complete both internal and external testing.
FAQs
What should I expect from a penetration test?
The goal of the assessment process is to expose vulnerabilities that could lead to a potential loss of sensitive data. This is done through a three-step process.
Step 1: Examination of your network structure and identification of all network ports and security conventions
Step 2: Begin scans, attack vectors, and manual efforts adversaries use to steal data, redirect payments, and hold your company ransom
Step 3: Provide a comprehensive report and recommend remediation measures to harden your security
How often should I complete vulnerability and penetration tests?
It is a best practice to complete a vulnerability and penetration test by a third-party once a year. For regulated industries, twice-annually.
Why does Cadre use third-party pentesters?
Our third-party penetration testers bring an unparalleled level of expertise because is their ONLY business. They do not sell hardware, software, managed solutions or products. This gives customers peace of mind that findings are completely objective and in their best interest.
What is Open-Source Intelligence Gathering & Reconnaissance (OSINT)?
This phase of the test gathers information derived from Open-Source Intelligence Tools. This information is publicly available and is obtained with no intrusive efforts. Internet sources are mined for data and analyzed to produce actionable intelligence. OSINT sources are used to determine the relationship between people, groups of people (social networks), companies, organizations, websites, phrases, affiliations, documents and files. The application can also be used for determining the relationships of internet infrastructure such as domains, domain name services (DNS names), net-blocks, and IP addresses.
Is anything off limits?
Our penetration testing partners are extremely thorough, but will NOT perform Distributed Denial of Service (DDoS) testing against your systems.
Will testing disrupt my production business services?
Cadre works with clients to set clear testing dates for performing assessments so there are no surprises. Our tests do not intentionally interrupt production business services. However, if your systems are poorly configured or maintained, even the most passive types of testing could impact operations. Should an interruption occur, you will have a direct line of communication with the engineering performing your test as well as a Cadre liaison to work through any issues.
