Ethical Hacking and vulnerability assessment - BT Assure Ethical Hacking

Ethical Hacking and vulnerability assessment - BT Assure Ethical Hacking Ethical Hacking and vulnerability assessment

BT Assure Ethical Hacking

Get in touch

Overview

Are you fit to resist today’s security threats?

The global threat environment facing most organizations today is creating a serious challenge for organizations of all sizes. Find out just how well prepared your applications and network are to resist these attacks with Ethical Hacking services from BT. We’ll perform a vulnerability assessment of your applications, network, vehicles, people, procedures, policies and may, on your request, exploit the identified vulnerabilities. This step, often called penetration testing or pentesting, is performed to demonstrate the consequences when these vulnerabilities were found and exploited by an attacker.

Highly skilled, financially motivated hackers and criminals are targeting organizations of all sizes, including household name companies, and in the process causing financial loss, loss of customer trust, and damage to brand and reputation, which is very hard to recover.

Have you considered the potential reputational and financial impact of a successful attack on your organisation?

Assure Ethical Hacking benefits.

Our approach is simple and aims to answer the question - how secure are your business critical systems that are in place to protect and grow your business?

Backed up by accreditation and our standardized methodologies, we can help you to identify vulnerabilities in your applications, mobile devices, vehicles, systems and the network that supports your business.

We work with you to review your current risks against your desired risk profile, and then provide a reliable, flexible road map that will help you manage your vulnerabilities.

  • Our global Ethical Hacking capability with more than 20 years’ experience combines the vast knowledge and experience of our consultants with proven methodologies.
  • Being a network operator we have specific and in-depth knowledge of network infrastructure devices and as a large company we use many server and workstation platforms, mobile devices as well as all kind of applications. These are thoroughly tested by our Ethical Hacking capability before being deployed on our network infrastructure, on which many international customers rely.
  • Our highly skilled consultants hold industry certifications like CISSP, CISA, GWAPT, OSCE, OSCP, OSEE, OSWE, OSWP, NCSC CHECK and CREST.
  • We are accredited for performing its professional services on a global scale by Lloyd's Register Quality Assurance for the ISO9001:2008 quality management system.
  • Holding the ISO9001 certification since July 2003 shows our long term commitment to continuously improve the quality of our services.
  • Other relevant certification programs are NCSC CHECK, ANSSI PASSI and the following CREST schemes: Penetration Testing and Simulated Target Attack & Response (STAR).
  • We are one of the largest security and business continuity practices in the world, with more than 2,500 security consultants and professionals globally that has been offering security and business continuity expertise to our customers for many years.
  • We are one of only a few organizations providing integrated network and security solutions both commercially and technically.
  • Analyst-recognized capability: “for the growing number of enterprises seeking a broader, integrated solution rather than treating security as an isolated silo, BT can offer a one-stop-shop security experience”. BT was ranked as “Very Strong” by Current Analysis (2016).

With BT’s worldwide Ethical Hacking capability our customers have the advantage of a partner with a broad view and enormous experience in every market segment which a local supplier lacks. Our global security testing capability is not only assisting our customers to protect their interests, but also used to protect the BT brand every day”
- Mark Hughes, President, BT Security

The details

Our Approach.

We have developed our own standardized methodology for carrying out all kinds of Ethical Hacking vulnerability assessments.

Our methodology is based upon industry standards, our own checklists, many years of experience, client requirement documents, our own best practices and other well-known references in publicly available resources, such as, forums, hacker communities, internet, etc.

The first step is to discuss your requirements, either by sharing a questionnaire via E-mail, phone or during an onsite meeting. Based on your requirements, we may issue an Ethical Hacking agreement together with a Statement of Work which describes the scope, deliverables, proposed planning, pre-requisites and associated pricing.

After approval from you, we start the Ethical Hacking vulnerability assessment. During the vulnerability assessment you will be notified via a status update report about the progress. After the actual testing has been performed, we will issue a preliminary report. Within 10 days we will present all identified vulnerabilities in a final report. Once we have issued the final report to you, you have 10 days to review and request any changes. Any requested changes will be discussed with you. Upon agreement, the final report will be updated and re-issued. If no changes are requested during this timeframe, the report shall be considered final and the project completed.

The reporting of identified vulnerabilities and recommendations (status updates and final report) is based on our Ethical Hacking Center of Excellence's (ECHoE) own process and templates. In order to guarantee high quality output, all deliverables go through a peer and document quality review.

The results.

During the testing, we will immediately report any high risk vulnerabilities identified via a status update report. When the testing has been completed, you will receive a formal report that will contain:

  • A detailed explanation of the testing activities that have been completed and the methods used by us to determine the results.
  • A listing of all identified vulnerabilities of your web application environment with a ranking of their level of risk based on the Common Vulnerability Scoring System (CVSS), the ease with which they can be exploited, and mitigating factors.
  • An explanation of how to mitigate or eliminate the vulnerabilities including enhancement of your policies, adoption of industry best practices, changes to security processes and enhancement to your security architecture if applicable.

Within 10 days after the conclusion of testing, we will present all identified vulnerabilities to you in a final report.

Availability

Assure Ethical Hacking availability.

Available globally.