"A secure system is only as secure as its weakest point"
Did you know that most companies go out of business within six months of being a victim of a major cybercrime? Could your business recover from a data breach and deal with the associated financial burdens and reputational damage?
With the ever-increasing number of cyber threats and the sophistication of the attacks, businesses and their IT teams are struggling to keep up and protect their intellectual property, financial information and customer data. If you don’t take action, it’s just a matter of WHEN you are going to be hacked, not IF you are going to be hacked!
Ask yourself these questions:
Do I regularly assess my business’ IT risks and vulnerabilities?
Have I done enough to protect my business from hackers?
Do I know if my systems are secure?
If you are not sure of the answers to any of these, then read on to see how we can put your mind at rest by helping you to secure your business.
What is a Pen Test?
Penetration testing, also known as pen testing, is a security practice that simulates an attack by a real cybercriminal to bypass the security controls of computer systems, networks or applications. It helps to discover different types of vulnerabilities and risks to the business, and to measure an organisation's resistance to an attack.
It is carried out based on a written contractual agreement between the tester and the business owner. Performing a pen test requires various levels of expertise and tools, and the test is performed by a certified ethical hacker. Most pen tests are carried out from outside your business environment, but a test can also be done from inside the network to simulate an insider attack and estimate the damage a disgruntled employee could cause.
Pen tests are suitable for businesses that believe they already have the preferred security posture and want to test whether someone can break in, and what the level of risk is.
A full report is given at the end of the penetration test, detailing all the weaknesses found, graded according to severity. A guide is also provided with suggested remediation steps.
Different approaches to pen testing
Black Box Testing
In black box testing, the tester has no prior knowledge of the system, its design or its features. This knowledge will be acquired by the tester only during the assessment. The test is unbiased because the designer of the system and the tester are independent of each other; this approach therefore simulates a real-world hack attempt and could find new attack vectors that were never conceived of before. Possible downsides are that some attack vectors could be missed and that the test team could inadvertently target a live subsystem that is business critical.
This test is conducted over a series of days and gives you an overall picture of your company’s preparedness for real-world hack attempts. A full report is given at the end of the black box test; all data is returned and no copies are kept. We can work through the test results with you and help draw up strategies to protect your data and strengthen the security posture of your business.
White Box Testing
This approach simulates possible attacks from an insider. The test team is provided with as much information as possible about the system, so that this knowledge helps them target specific internal controls and features and identify test cases. White box testing has the benefit of doing a deep and thorough test on the system while making the best use of time. It also extends to attack vectors that black box testing has not reached.
Grey Box Testing
Grey box testing is positioned somewhere in between the black box and white box testing approaches. This method helps to mitigate the downsides of the other two. Some information is provided to the test team to channel their efforts towards areas that need to be thoroughly tested, while still maintaining a level of realism for a simulated real-world attack.
Why do you need a pen test?
Cybercrime is ever increasing. Hacking tools and information on exploitable vulnerabilities are so easily available online that anyone with malicious intentions can launch a cyber-attack against your business to cause damage. A pen test helps you find vulnerabilities and fix them before an attacker does.
Most businesses make the mistake of thinking they are safe from cybercriminals without doing an assessment. A penetration test can be used to identify dangers that you haven’t detected yet.
Sometimes businesses are not aware that they are being hacked and are already losing valuable data. If your data has already been breached, a pen test can help to uncover problems you didn’t know existed.
With fast-evolving IT environments, it’s common that vulnerabilities and the nature of attacks are also evolving. These kinds of problems can be eliminated with constant assessments.
Maintaining the security posture involves frequent and comprehensive testing of the systems. With pen tests offering an independent view of the efficiency of security procedures, businesses can act to safeguard their assets.
Contact us for a quote
Contact us for more information about our services or a free consultation. Alternatively, call and speak to an expert on 02032224060.
Pen Test Types
We offer two kinds of penetration test plans: a one-off service, or a subscription-based service that runs on an agreed schedule and actively searches for new weaknesses in your online services and business processes. The subscription is an innovative new approach to penetration testing and is highly recommended, as new vulnerabilities are being released every day.
Web Application Penetration Testing
Internal Penetration Testing
External Infrastructure Penetration Testing
Having world-class security software, hiring the best people and deploying the best policies and procedures to secure your business is great, but if you don’t regularly evaluate the effectiveness of the processes you have in place, your security will not last long and will become less effective over time. In order to maintain a good security posture, businesses need to continuously assess and improve their security measures.
What is Vulnerability Scanning?
A vulnerability assessment is a process that defines, identifies and classifies a wide range of vulnerabilities in an environment. This can be a combination of both manual and automated processes conducted by a technical engineer with an information security background.
Vulnerability scanning can be used as the first step to improving the security posture of an organisation. It is therefore suitable for businesses that understand they already have weaknesses in their security systems and need help identifying and prioritising the remediation tasks. We will produce a detailed report with a prioritised list of vulnerabilities and how they can be fixed.
These scans are just a point-in-time snapshot of the environment in a constantly changing landscape where new vulnerabilities can arise. To ensure constant improvements to your organisation's security posture, these scans should be carried out regularly. Better-protected, lower-priority and less-at-risk parts of the environment may need less scanning, sometimes only once or twice a year. Highly vulnerable or high-priority systems should be scanned nearly continuously.
What We Offer
One-off vulnerability scans for your infrastructure and applications, where we provide you with a detailed report with a prioritised list of vulnerabilities and how they can be fixed.
Subscription-based vulnerability scanning is a service that can run on an agreed schedule and can be done daily, weekly or monthly. This process is highly recommended as it is more cost effective and helps you improve your company’s security posture.
Web application vulnerability monitoring is an offering that monitors your company’s web applications for vulnerabilities and evaluates how severe the potential impact would be should an attacker decide to exploit the system.
As new vulnerabilities are announced regularly, Meta Defence Labs prefers that these services are run on an agreed regular schedule. We recommend remediation steps and, if agreed, can even implement them for you to address any new vulnerabilities discovered.
SSL and cipher suite test
Call us for an SSL and cipher suite test to identify the current level of security on your internet-facing HTTPS services. We will send you a customised security report with our recommendations based on the results of the test.
Why should you run an SSL and cipher suite test against your web servers?
To answer this question we need to remember that the Internet as we know it today did not start like this. Several versions of the Hypertext Transfer Protocol, more commonly known as HTTP, were developed over the years. On top of this, HTTPS was developed, which was supposed to be the secure, encrypted version of HTTP. But this also had many versions of something called Secure Sockets Layer, more commonly referred to as SSL. SSL in turn had many different ciphers introduced over the years.
The reason for all these iterations of HTTP and SSL is that many bugs were discovered in the previous versions. Additionally, computing power has advanced so much over the years that what was top-of-the-line encryption back then is now possible to crack in minutes on a common PC.
So we have all these previous versions of SSL that are still enabled by default on most of today's web servers for compatibility and ease-of-use reasons.
To answer the original question, we need to test what SSL versions and ciphers are allowed to run on our servers today, because if an old version has been left enabled, a hacker could use this to decrypt all your traffic running through that server.
Post Penetration & Remediation
What is Post Penetration & Remediation?
After completing a vulnerability scan or a penetration test, you will receive a report that typically details vulnerabilities and threats discovered on your infrastructure, graded according to severity. A vulnerability assessment by itself solves nothing; you need to act on its advice by implementing a remediation plan to improve your business security before the cyber criminals get to those vulnerabilities.
Why It's Important
It is vital to look at the vulnerabilities and challenges highlighted in your company’s infrastructure to prevent malicious activity on your systems. With our remediation service we can provide you with a prompt solution to the highlighted vulnerabilities. Working across platforms and networks, Meta Defence Labs have the expertise to provide this service across your company without overlooking any detail. Meta Defence Labs have noted from experience that some companies that are not in the IT sector lack some understanding of security and need assistance in securing their infrastructure.
What we offer
With our remediation service we are able to step in and assist with these challenges by providing a tailored solution plan and, in addition, implementing the solution to eliminate the threats highlighted in the penetration report generated by us or your security company.
Web Application Firewall (WAF) Support
With the ever-increasing web threats to businesses, keeping websites and data safe can be challenging for IT teams. We can help you configure your Web Application Firewalls (WAF) to make it easier for you to be prepared for and resilient to cyber-attacks, minimising the risk of a compromise of your data security that can disrupt your business activities. The problem with data breaches is that not only do you lose your data, you also lose the trust relationship with your clients, which could potentially lead to your business going bankrupt.
What Is Web Application Firewall (WAF) Support?
Why Use WAF?
A WAF is an ideal solution for you if you have vulnerable services or poorly coded sites that do not validate input data or are running at high risk.
It will benefit any organisation that has mission-critical applications that hold critical data.
It offers security not just by blocking ports but by actually inspecting packets to look for correct requests coming from correct hosts to protect the organisation.
Implementing our WAF solution does not require any downtime for your service.
What We Offer
We recommend using a physical WAF device if your web servers are physical, but in many cases a virtual WAF can provide the required protection at lower cost if you already have a virtualised environment.
At Meta Defence Labs we offer you initial consultation, design, implementation and maintenance of your WAF.
As your WAF service provider we will be able to offer you reports and statistics on your online services and the types of attacks being blocked.
Depending on the type of WAF you pick, we could also help you secure other applications, such as web mail, for you to access securely on the go.
A WAF is a device that acts like a more advanced and intelligent firewall: it filters out the malformed data of malicious attacks on your environment and checks for valid input before forwarding requests on to your environment. Some of these attacks include:
Distributed Denial of Service (DDoS)