• Penetration Testing in Oklahoma City

  • Penetration Testing is a service Crossroads Information Security offers that tests the effectiveness of the security controls in your organization. Our penetration testing services have three options to choose from:

    Red Team Engagement: This is the traditional approach to penetration testing. Our team attempts to gain access to your organization’s network by exploiting external-facing systems such as web servers and other systems.

    Red Team engagements also include attempting to gain access by social engineering, phishing, and gaining physical access to the premises. This approach helps test and determine the overall effectiveness of your security program and security awareness.

    Purple Team Engagements: This is the approach we recommend to clients with a maturing information security program. Purple Team engagements involve the red team and the security team of the organization working together to better identify and defend against well-known attacks.

    For example, the red team might emulate a well-known advanced persistent threat while the organization’s information security team looks for signs of the attempted attack. This approach helps better prepare your security team to defend the company network.

    Assumed Breach Engagement: This approach starts out with our penetration testing team already inside the network. Starting with access to the network, we then try to access systems, databases, file shares, and accounts the same way an actual attacker would.

    This approach helps determine if your access controls, monitoring, logging, and alerting can detect an actual breach. This is a beneficial approach for testing the effectiveness of a security program.

    Penetration Testing and Compliance Audits

    One of the main drivers for penetration testing is to ensure your organization’s security controls are in compliance with regulations such as PCI, GLBA, HIPAA, and many other compliance frameworks.

    If your organization is not subject to a particular compliance framework, we can test and audit against popular security and control frameworks such as the NIST CSF, CIS Controls, NIST 800-53, and the ISO 27000 series.

    In the event your organization does not have a formal security program or follow a security or control framework, we can help you get the process started with our Virtual CISO services.

    A Virtual CISO helps you plan strategically for security in a way that makes sense for your organization.

    Penetration Testing Schedule

    A mistake that many organizations make is to get a single penetration test and assume they are secure from that point forward. Another mistake is to assume that being in compliance with a certain regulation means that you are also secure. Compliance does not equal security.

    The threat landscape is constantly changing and security has a short shelf life. We recommend that our clients have at minimum an annual penetration test. For higher value targets and industries, we advise a quarterly penetration test. This is especially important in environments that are constantly changing.

    Testing Costs

    Penetration testing costs depend on the type of engagement, the size of the organization, and the number of information assets the organization has. Prices can vary from $5,000 to $25,000 depending on the scope and rules of engagement.

    A full network penetration test is on the more expensive side, while a web application penetration test could be as little as $2,500.

    All pricing includes testing, reporting, and a follow-up meeting for remediation verification and discussion.

    Frequently Asked Questions

    Q: How do we get started with a penetration test?

    A: Call 405-772-0224 or use the contact form on the site to schedule a consultation for scoping and rules of engagement.

    Q: Do we need to meet in person, or do you need to come on site?

    A: That depends on whether you want physical access to the premises tested. For most engagements the process is handled entirely remotely.

    Q: How long does a penetration test last?

    A: We like to schedule tests for a minimum of 2 weeks.