External penetration testing is one of the primary services that organizations utilize to ensure their internet-facing services are secure. External testing allows you to see your external security posture through real-world cyber attack scenarios. Our testing allows you to identify areas for improvement in your system configurations, security solutions, and monitoring and response capabilities.
Baker Tilly’s external penetration testing services utilize a two-pronged approach to testing the security of your organization’s internet-facing services. First, the Baker Tilly team utilizes industry-proven tools to quickly identify known vulnerabilities within your internet-facing systems. This allows our team to focus the next phase of testing on manually attempting to exploit these vulnerabilities, efficiently and effectively, to gain access to internal systems and information that should not be accessible to unauthenticated individuals.
CASE STUDIES
Debt consolidation company closes security vulnerability after successful external penetration testing
Vulnerability management is a foundational security capability that ensures an organization’s IT assets are protected and not easily compromised. However, new vulnerabilities and exploits are discovered every day. And while many systems may start in a secure manner, over time configurations may be changed for troubleshooting or the addition of new functionality. This is where vulnerability scanning tools and services play a major role in maintaining a secure IT environment. Running vulnerability scans on a regular basis allows an organization’s IT team to quickly identify IT assets that may be missing critical patches or have drifted from the original security configurations. Vulnerability scanning also provides insights into vulnerabilities introduced by third-party applications installed on end user workstations that are not receiving regular patches from the vendor.
Baker Tilly’s internal vulnerability scanning services allow organizations to quickly identify vulnerabilities that exist on systems within their network that an attacker could compromise. Baker Tilly deploys either a physical or virtual scanning appliance on your network to give our team a secure point for remotely accessing your internal environment. Baker Tilly’s team then utilizes industry-proven system discovery solutions and vulnerability scanning tools to efficiently and effectively identify active systems and known vulnerabilities. Baker Tilly then works with our clients to analyze the severity and impact of the identified vulnerabilities and develop a remediation roadmap to quickly return the organization to a more secure state.
Whether it is to enable employee connectivity or to provide internet access to visitors, organizations are providing more wireless network connectivity throughout their offices and production facilities. Internet of Things (IoT) devices have made wireless connectivity even more critical to business operations. However, wireless networks pose a significant risk for organizations as their signals don’t usually stop at the edge of the office building or production facility. Additionally, guest wireless networks have introduced new risks due to a lack of control of the devices connected to that network.
Baker Tilly’s wireless network security testing helps our clients identify weaknesses in their wireless network configurations and architecture. Our testers utilize a variety of industry-proven tools to attempt to crack the security configurations of your network to gain access to internal network segments that contain sensitive systems and information. Additionally, our testers review your wireless network architecture to identify areas for improvement to maintain a secure network configuration when managed and unmanaged devices are connecting to the wireless network.
CASE STUDIES
Food producer improves network security after disabling unused networks
Multilocation car dealership updates patching inventory after internal vulnerability scan
Business services have continued to evolve into more and more sophisticated online solutions. These online services are supported through custom developed web applications that serve as a platform to connect business operations directly with customers online. However, as these platforms have evolved, so have the security risks and threats that may impact the security of the information and systems that process that information.
Baker Tilly has developed a targeted security testing service offering that focuses on assessing the security risks and threats that impact your custom web applications. Our testing starts with a detailed review of the web application architecture to identify critical components and services that support the online services. From that knowledge, our team then meets with the development team to deepen our knowledge of the various data flows and system integrations. Finally, our team moves to external testing activities in order to identify security weaknesses that could allow an outsider to gain unauthorized access to internal information and systems. Our testing is focused on the top 10 web application risks, as defined by the Open Web Application Security Project (OWASP). These risks include:
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
CASE STUDIES
Multinational government contractor updates training after phishing prevention campaign uncovers vulnerabilities
Today’s attackers focus on the weakest link in your organization, your employees. Employees are the root cause for the majority of ransomware attacks, mailbox compromises leading to wire fraud, or accidental data loss. Ensuring your employees are trained on how to spot a phishing email, how to report a suspicious email or phone call, and how to properly secure your organization’s information is critical to minimizing the security risk of your organization.
Baker Tilly’s social engineering services offer a comprehensive view on employee security risks. Baker Tilly works with our clients to develop customized security training content specific to the risks their organization faces. Our team then delivers that training to your employees and answers questions from the audience to help clarify security risks and proper security procedures to ensure your employees are well informed of their role and responsibilities in securing your organization’s systems and information.
Baker Tilly also offers tailored social engineering testing services aimed at testing the ongoing security awareness of your employees. These tests include phishing emails and phone calls (vishing) based on a tailored approach to maximize the effectiveness of our testing based on your organization’s operations and risk factors.
CASE STUDY
Testing of software company's web portal boosts confidence in security measures
CASE STUDIES
City identifies weaknesses in security protections after external penetration test
Multilocation grocery store enhances internal IT practices as a result of vulnerability scan
Network scanning tools test prove private jet charter company's wireless network is secure
Financial services company confirms security of web-facing applications and minimizes risk
Healthcare organization tests technical security controls and internal security awareness training with phishing campaign