Onyx security assessment services
Onyx’s tailored assessments have no equal in the security industry. The assessment methodology is based on military after-action reports and includes prioritized lists of issues, with the damage potential, reproducibility, exploitability, number of affected users, and discoverability of each finding.
Individual, Home, and Travel Security Assessments.
Onyx provides on- and off-site assessments that identify security vulnerabilities for high-risk individuals.
Onyx experts locate difficult-to-detect vulnerabilities in individuals’ and their families’ mobile devices, computers, and “Internet of Things” devices while at home, at the office, or while traveling.
Executives are often secure at work, but when they leave the office for coffee, go home, or travel, they become easy and valuable targets for nefarious actors.
Onyx’s assessments also allow us to understand our clients’ and their families’ day-to-day activities (cyber and otherwise), which will ultimately assist us in creating a strategy that secures, but does not inhibit, their lifestyle and is not so onerous that our clients refuse to follow it.
Our assessments often take into account vulnerabilities our clients never fully appreciate, such as their children being targets and ultimately avenues to their parents.
We learn exactly how vulnerable your most critical assets are to cyber-attacks.
We have found that the best way to stop attackers is to think and act like an attacker and so we employ good people who know about bad things.
Despite increased awareness by companies of their need for enhanced cybersecurity, an ever-increasing number of breaches continues to occur. Onyx’s assessments help give your organization a more accurate understanding of its cybersecurity weaknesses, thereby enabling you to identify and fortify vulnerable areas.
The first major concern executives have is where to even start in securing your business’s assets.
Knowing your vulnerabilities – and the ways in which attackers could exploit them – is the most important factor in improving your security program.
The best place to start is with a technical assessment of your current network. The technical assessment helps identify vulnerabilities and assess real business risk. A real-world attack simulation to test your people, process, technology and compliance can help you understand your exposure to security threats. Policy and employee assessments help identify non-technical areas that need to be reviewed. Finally, a physical security assessment evaluates your business’s executive security, physical entry and access security, and vulnerability to non-cyber technical surveillance.
These assessments allow Onyx to understand the unique security needs of our clients’ businesses and ultimately develop a customized plan that matches their priorities. These assessments lay out the organizational, procedural and technical weaknesses opening the door to increasingly sophisticated cyber-attacks.
Onyx’s simulated attack exercises expose the known and unknown vulnerabilities by putting enterprise defenses under the same duress as in the real and evolving threat landscape.
Our approach goes beyond traditional penetration testing, since we have hunted threats from the world’s most dangerous adversaries and know what is most valuable to these attackers.
Penetration Testing (Vulnerability Assessments)
What is penetration testing?
Penetration testing is the practice of attacking your own IT systems, just as an attacker would, in order to uncover active security gaps on your network. It simulates an attack on your individual or company network to assess security and determine its actual exposures – whether in technologies, people, or processes – without taking down your network. Think of internal penetration tests as walking around your house and making sure all your doors are locked before leaving the house.
Onyx’s expert team will penetrate the defenses of our clients and/or their businesses in order to test the effectiveness of current controls and thoroughly document all of their flaws. Having real-world experience, we are able to safely replicate the potential actions of the most malicious attackers.
Even if your security team has penetration testing experience, most experts believe that a third party coming to your network with fresh eyes is more likely to spot potential problems. Familiarity with your own network can actually leave you blinded to possible security vulnerabilities when conducting on-site security testing.
These penetration tests also need to be repeated often. Onyx suggests that new penetration tests be run multiple times a year and also whenever you buy new equipment, install new software or make other changes to your network. A penetration test report is only a snapshot of your IT infrastructure at a single point in time, and it can become out of date very quickly, so we recommend frequent retesting.
Onyx’s clients only receive penetration testing by highly credentialed and well-respected testers in their field. We do not believe in one-size-fits-all penetration testing and instead deploy specialist penetration testers that match your network’s size and your company’s industry. While there are many qualifications to look out for, including CHECK team leader, Offensive Security Certified Professional, Mile2 Certified Penetration Testing Consultant or Certified Ethical Hacker, Onyx goes a step further, deploying individuals with years of elite government and/or military experience.
There is a wide array of different prices and descriptions of “penetration testing services” on the market. They range from the use of simple automated tools to generate a canned printout to in-depth, exploitative penetration testing spanning multiple days or weeks. At Onyx, we can tailor our testing to your specific needs and clearly demonstrate what you will be receiving from each type of test.
Red Team Blue Team Exercises
Corporations also need to regularly challenge the quality of their cybersecurity defenses with red team-blue team exercises. Penetration tests and threat modeling, for instance, enable a red team to challenge lower-profile attack avenues to better understand their vulnerabilities. Defense-oriented blue teams, meanwhile, can help fix the security weaknesses unearthed.
Insider threat assessments
Most security-minded professionals think of a cybersecurity threat as originating outside the organization. But one of the most potentially damaging threats comes from trusted insiders, whether intentionally or unintentionally. Your home and business’s most dangerous threat likely comes from the inside. Onyx can help evaluate your company’s, subcontractor’s, and/or household staff’s access, trustworthiness and dependability. These insiders have access to your system, personal information, customer information, sensitive company research, insider memoranda and other confidential matters.
Employees, contractors and partners have authorized access to many valued information assets. An assessment of insider threat risk is an integral part of security for every individual and organization.
Social Engineering Testing
While some clients may want to restrict their penetration test to the technical testing of their IT systems, we strongly recommend including social engineering and phishing attacks to test your “human firewall.”
Social engineering involves an attempt to gain unauthorized access to information through the human element, thus assessing the effectiveness of an organization’s security training, policies and procedures. Examples of this include phishing emails, pre-texting, and baiting.
Hackers don’t care if 99% of your workforce doesn’t get fooled!
There is no single greater threat to your home or business than email. Ransomware, malicious links, social engineering and other common scams all come in via email.
Our clients allow Onyx to send employees test spam to see what they are opening or clicking when they shouldn’t. This social engineering testing helps clients see how to focus their efforts educating employees.
Physical / Employee Security Assessments
Onyx provides physical security to homes, offices, servers, warehouses, pipelines, equipment, hotels, travel and executives.
Identity and Access Assessments
Relying on a technical team to monitor attacks isn’t sufficient. The human element is the weakest link in cybersecurity, which is why Onyx also provides services such as physical access security and server/computer physical access assessments. We understand that cybersecurity is fundamentally a human problem, not a technical one. “Controlling the creds” is one of the most basic requirements of an enterprise security program, but it’s also one of the most critical. Despite this, many organizations struggle to manage user access across channels like desktop, mobile or cloud. In fact, the majority of data breaches today involve weak, default or stolen passwords. Onyx’s assessments test homes’ and companies’ identity and access management policies, practices and controls, and make sure that the right individuals have access to the right resources at the right times (and for the right reasons).
Web Application Assessment
Similar to penetration testing, Onyx provides web application assessment to identify the weaknesses of and potential threats to your business’s web applications.