-
-
Cloud Computing
-
Multicloud
-
Platform Services
Cloud ComputingFlexibly scalable IT infrastructure powered by ITGLOBAL.COM and hyperscaler clouds.
MulticloudEnvironment of maximum flexibility provides broad opportunities to use the cloud constructs of different origins.
Platform ServicesSolutions for any business needs and flexible workload management.
-
-
-
Managed Clouds
-
IT Management Services
-
Managed DevOps
-
Managed Kubernetes
-
Managed Databases
-
Managed Networks
Managed CloudsFlexible, powerful, and secure solutions powered by hyperscalers and managed by ITGLOBAL.COM.
IT Management ServicesWe provide clients with 24/7/365 IT management service, which includes monitoring, support, maintenance and management.
Managed DevOpsManaged CI/CD, Docker and Kubernetes.
Managed KubernetesKubernetes clusters we help to build and implement.
Managed DatabasesDatabases we create, setup and manage.
Managed NetworksNetwork infrastructure management and monitoring.
-
-
-
Virtualization Solutions
-
Technology partners
-
Telecom Solutions
Virtualization SolutionsSolutions for efficient use of infrastructure resources.
Technology partnersITGLOBAL.COM carefully chooses the most promising technology partners and assists companies in integrating their solutions.
Telecom SolutionsPackage solutions for telecom: traffic inspection and packet filtering
-
Pentest
Simulation of targeted attacks to identify vulnerabilities in IT infrastructure
About
A penetration test, or a pentest for short, identifies weaknesses in the corporate network security and network infrastructure elements. It analyzes external and internal threats and vulnerabilities with automated tools to check, if the penetration, including manual hacking methods, is possible.
The final test results are listed in the detailed report. The report includes the description of vulnerabilities, their criticality, and recommendations on how to eliminate them.
The following goals are met during a pentest:
Check if an ordinary staff member can access confidential information
Find information security vulnerabilities and ways they can be exploited
Check if a staff member can escalate their own privileges
Develop recommendations to address detected vulnerabilities
Check if the local network can be accessed from the outside
Details
The testing methodology is developed individually for each customer and must be approved. However, the best industry practices, such as NIST SP800-115 and OSSTMM, are always considered as a basis.
Main pentest goals
- General test of the organization’s information security.
- Compliance with different standards and regulations. For example, organizations that process payment card data must carry out an annual check against PCI DSS Requirement 11.3. The test scope must cover the whole perimeter of cardholder data environment.
Tools
Multifunctional vulnerability scanners such as Nessus and Burp Suite, which detect “holes” in applications, operating systems and corporate networks
Manual testing, when a pentester tries to compromise protection through the browser’s address bar and exploit vulnerabilities in operating systems, software, hardware, and so on
Professional software, for example, utilities from Kali Linux distribution: Metasploit, Nmap and others
Testing stages
-
External Security Analysis—Black Box model
ITGLOBAL.COM specialists use the Internet to organize a series of attacks through the customer’s public resources.
-
Internal Security Analysis—Grey Box or White Box model
The customer provides remote access to their internal network, using a VPN connection, for example. Attacks are made using ordinary staff rights.
-
Preparing a pentest report
The report covers the testing methodology, test objects, detected vulnerabilities, their criticality, and includes recommendations on how to address them.
Advantages
An opportunity to prevent incidents that can violate the company’s reputation and compromise customer safety
Compliance with PCI DSS and other standards
Using up-to-date tools that simulate all known types of attacks
Not a theoretical security test, but a practical one
Reducing the risks of information leaks and unauthorized access
Detecting all critical information security threats
Get in Touch
Have a question or interested in learning more how IT can help your business? Please connect with us.