Security Penetration Test (SPT)

  1. What is the current threat situation?

Against the backdrop of a systematically intensifying threat situation (cf. BSI Magazine 2016/01, p. 36-38) and the increasing importance of corporate information, the risk-oriented protection of sensitive information and data must be an integral part of corporate strategy in order to secure the company’s success in the long term.

The prevailing threat situation manifests itself in the rise of attacks on sensitive corporate information (product specifications, customer data, sales figures, etc.) by hacktivists, hackers, competitors or states. As production workflows and service processes become increasingly digitalized and networked, companies grow more vulnerable just as targeted attacks on corporate information become more professional. The company’s internal risk potential is largely based on an insufficiently practiced information security culture, insufficiently qualified employees and the operation of historically grown structures with greatly increased complexity.

In addition to DAX-listed companies, medium-sized enterprises are also the focus of attackers, whose attacks jeopardize system availability, employee and system access data, and thus corporate reputation (bitkom reports). The effects of the attacks can cause considerable damage to companies and threaten their existence if suitable protective measures are not implemented.

  1. Why should companies respond to the threat environment?

Security Penetration Testing looks at your business from a hacker’s perspective – without the associated risks to you. A security penetration test helps you answer important questions:

  • Are your data and IT infrastructure effectively protected by appropriate security mechanisms and controls against attacks from inside and outside your organization?
  • Has the risk profile of your IT changed due to the introduction of new systems or the networking of applications?
  • Is the maintenance and upkeep of the security infrastructure designed in such a way that new attack mechanisms can also be reliably defended against?
  • Can attacks be detected promptly and countered appropriately (incident response, forensics, communication and escalation)?
  • Are the mechanisms for defending against attacks using viruses or ransomware effective?
  • How security-conscious are your employees?

Threats do not result solely from the connection of IT systems to external networks, such as the Internet, but are often also due to sources of danger within the company.

Together, we develop and evaluate the internal and external threat profiles for your business processes, employees and IT systems. On this basis, we develop attack scenarios to conduct the Penetration Testing for the security of your IT systems with minimal risk to productive processes in the company.

  1. What is a Security Penetration Test?

Security Penetration Testing aims to identify vulnerabilities in IT systems of a defined target environment based on a systematic methodology. SPTs are conducted using the same techniques, tools and expert knowledge that real attackers/hackers use. Our experienced penetration testers use automated and manual testing procedures to efficiently present realistic attack scenarios.

In addition to technical analyses, the scope of a security penetration test can also include social level attacks to test the security awareness of a company’s employees with regard to information disclosure and the conscious or unconscious use of unapproved applications.

  1. What is Teligencia’s methodology for conducting security penetration tests?

Teligencia has developed its own methodology for conducting security penetration tests, which focuses on the risk-based execution of the analyses and is aligned with all industry-relevant standards and regulations, as per ISO 27001, OWASP Top 10, IEC 62443-4-1 and IEC 62443-4-2, ETSI EN 303 645, ISO 21434 and NIST.

The Penetration Testing approach is based on 4 steps:

  • In Step 1, an as-is assessment of the threat situation of your company, systems, products or components is created. The objective of the as-is assessment is to analyze the types of attacks, attack paths, attack probabilities and their impact on your IT systems and to derive the test implementation.
  • In Step 2, baseline tests are conducted to uncover relevant vulnerabilities of active systems, network components and wireless networks and services.
  • Step 3 is the attack phase. Using publicly available exploits or applying highly specialized attack techniques, Teligencia attacks selected IT systems in constant coordination with your company to identify potential vulnerabilities.
  • In Step 4, the security penetration test is evaluated and assessed. The final report explains the vulnerabilities identified and describes countermeasures to be introduced.

The entire Teligencia methodology for conducting security penetration tests is carried out using expert knowledge, “best practice” methods and standards (OWASP Top 10 (as of 2013), OSSTMM, BSI Penetration Test Methodology, WASC or SANS Top 25). Our experts are OSCP-certified.

  1. What security penetration test services does Teligencia offer in detail?

We offer a comprehensive portfolio of highly specialized services. The services listed below can be individually tailored and combined to meet your company’s needs.

  • IoT Penetration Testing
  • External network, system and service identification
  • Web Penetration Testing
  • External vulnerability scan of network components and systems
  • Hardware Penetration Testing
  • Infrastructure Penetration Testing (KRITIS Critical Infrastructure)
  • Internal SPT of local infrastructures and networks incl. WLAN
    • Client systems
    • Server systems
    • Databases
    • Production systems (ICS, SCADA)

  • Dedicated web application security penetration test / compliance test
  • Social Engineering
  • Source Code Reviews (all common programming languages)
  • Hardware Analyses
  • Reverse Engineering (Example: Embedded Devices)
  • Protocol Fuzzing
  • Malware Simulation
  • Hardening review of different systems e.g.:
    • Client system (e.g. notebooks)
    • Server system/server image
    • Windows Group Policy
    • Telecommunication systems
    • Network components like routers and switches
    • Mobile Device Management

  1. What is your benefit and value proposition?

The analysis and test results of the Security Penetration Test provide detailed information about which targets could be successfully achieved from an attacker’s point of view and which measures are required to counteract possible threats. In this way, the Security Penetration Test makes a significant contribution to risk control in an area that is sensitive and at the same time difficult for most companies to assess.

Benefit from our analyses and assessments, which are specifically geared to your IT network systems and business processes. Attacks and their effects are presented by us in a verifiable and comprehensible manner in each individual case. Our technical and strategic recommendations provide you with information on how you can counter your security-specific challenges in the future and reduce possible consequential costs to a minimum.

As part of a security penetration test with Teligencia, a team of offensive security experts tests your systems before real attackers do so without your knowledge. Quickly and with the necessary confidentiality, we help you identify vulnerabilities in your IT systems and the associated risks, exactly where it is needed. We will not only show you vulnerabilities and risks, but will work with you to create viable and effective IT solutions for your business.

  1. Which industry sectors does Teligencia Security Penetration Testing cover?

As a full-service IT provider, Teligencia has successfully conducted a large number of security penetration tests in the past. The clients advised by Teligencia vary not only in size, but also in industry affiliation.

  • Automotive industry
  • IoT Industry
  • Energy industry
  • Financial sector
  • Public sector
  • Industrial production
  • Technology, media and telecommunications
  • Trade and consumer goods
  • Rail, Transportation and Logistics
  • Defense and Aerospace Sector
  • Healthcare and pharmaceuticals