Q: I have a firewall and an Intrusion Detection System installed on my network. Shouldn't this be enough to protect me from hackers?
A: Firewalls and Intrusion Detection Systems (IDS) are great first lines of defense when it comes to network security. However, firewalls can trivially be bypassed, and Intrusion Detection Systems will miss most of the latest attacks against web applications and networks if not rigorously maintained.
Q: We run vulnerability scans against our systems on a regular basis. This should let me know of all the vulnerabilities that I have on my network, right?
A: Vulnerability scans are great, but produce tons of false positives. If the automated scanners do not have an expert to interpret and analyze the results properly, your network and applications are still at risk. Vulnerability scans are limited in functionality and will not find vulnerabilities such as business logic flaws, privilege escalation, and tons of other high-risk vulnerabilities that plague networks and applications.
Q: We have a network security staff that is dedicated to protecting our information assets. Why should we use Offensive Logic for services that are already carried out in-house?
A: Having a third-party view of your network security posture will provide a fresh perspective on potential threats to your infrastructure. Please understand that Offensive Logic is not here to challenge your network security staff or prove anything. We've come to assist your organization in identifying potential weaknesses from an attacker's standpoint, and to "work with" your teams to eliminate any weaknesses that are found. In essence, "We become a part of your team, and you become a part of ours!"
Q: How often should I have a penetration test done on my network and applications?
A: We recommend having a penetration test done quarterly, or any time there is a major revision or upgrade to your network or applications. This ensures that security is maintained, and that any new vulnerabilities that are introduced are found and remediated.