Penetration Testing & Vulnerability Assessment
Vulnerability assessment and penetration testing
Technology is utilized to support every facet of business operations today. Email communication, financial reporting and customer relationship management all utilize discrete technology solutions to ensure businesses operate efficiently and effectively. But what about securely? Most IT organizations prioritize the availability of IT services, with security considerations identified after new technology has been purchased and implemented.
Baker Tilly wants to change that mindset and encourages our clients to focus on security-by-design across their organization: first within the IT infrastructure, then within the systems and applications that support business operations, and finally within the employees themselves.
Baker Tilly’s vulnerability assessment and penetration testing services are strategically aligned to focus on what your business needs to know to better protect itself from outsider and insider threats.
Explore solutions and case studies
External penetration testing
External penetration testing is one of the primary services that organizations utilize to ensure their internet-facing services are secure. External testing allows you to see your external security posture through real-world cyber attack scenarios. Our testing allows you to identify areas for improvement in your system configurations, security solutions, and monitoring and response capabilities.
Baker Tilly’s external penetration testing services utilize a two-pronged approach to testing the security of your organization’s internet-facing services. First, the Baker Tilly team utilizes industry-proven tools to quickly identify known vulnerabilities within your internet-facing systems. This then allows our team to focus the next phase of testing on manually attempting to exploit these vulnerabilities, efficiently and effectively, to gain access to internal systems and information that should not be accessible to unauthenticated individuals.
Case Study

Debt consolidation company closes security vulnerability after successful external penetration testing
Case Study

City identifies weaknesses in security protections after external penetration test
Internal vulnerability scanning
Vulnerability management is a foundational security capability that ensures an organization’s IT assets are protected and not easily compromised. However, new vulnerabilities and exploits are discovered every day. And while many systems may start in a secure manner, over time configurations may be changed for troubleshooting or the addition of new functionality. This is where vulnerability scanning tools and services play a major role in maintaining a secure IT environment. Running vulnerability scans on a regular basis allows an organization’s IT team to quickly identify IT assets that may be missing critical patches or have drifted from the original security configurations. Vulnerability scanning also provides insights into vulnerabilities introduced by third-party applications installed on end user workstations that are not receiving regular patches from the vendor.
Baker Tilly’s internal vulnerability scanning services allow organizations to quickly identify vulnerabilities that exist on systems within their network that an attacker could compromise. Baker Tilly deploys either a physical or virtual scanning appliance on your network to give our team a secure point for remotely accessing your internal environment. Baker Tilly’s team then utilizes industry-proven system discovery solutions and vulnerability scanning tools to efficiently and effectively identify active systems and known vulnerabilities. Baker Tilly then works with our clients to analyze the severity and impact of the identified vulnerabilities and develop a remediation road map to quickly return the organization to a more secure state.
Case Study

Multilocation car dealership updates patching inventory after internal vulnerability scan
Case Study

Multilocation grocery store enhances internal IT practices as a result of vulnerability scan
Wireless network security testing
Whether it is to enable employee connectivity or to provide internet access to visitors, organizations are providing more wireless network connectivity throughout their offices and production facilities. Internet of things (IoT) devices have made wireless connectivity even more critical to business operations. However, wireless networks pose a significant risk for organizations as their signals don’t usually stop at the edge of the office building or production facility. Additionally, guest wireless networks have introduced new risks due to a lack of control of the devices connected to that network.
Baker Tilly’s wireless network security testing helps our clients identify weaknesses in their wireless network configurations and architecture. Our testers utilize a variety of industry-proven tools to attempt to crack the security configurations of your network to gain access to internal network segments that contain sensitive systems and information. Additionally, our testers review your wireless network architecture to identify areas for improvement to maintain a secure network configuration when managed and unmanaged devices are connecting to the wireless network.
Case Study

Food producer improves network security after disabling unused networks
Case Study

Network scanning tools test prove private jet charter company's wireless network is secure
Web application security testing
Business services have continued to evolve into more and more sophisticated online solutions. These online services are supported through custom developed web applications that serve as a platform to connect business operations directly with customers online. However, as these platforms have evolved, so have the security risks and threats that may impact the security of the information and systems that process that information.
Baker Tilly has developed a targeted security testing service offering that focuses on assessing the security risks and threats that impact your custom web applications. Our testing starts with a detailed review of the web application architecture to identify critical components and services that support the online services. From that knowledge, our team then meets with the development team to deepen our knowledge of the various data flows and system integrations. And finally, our team moves to external testing activities in order to identify security weaknesses that could allow an outsider to gain unauthorized access to internal information and systems. Our testing is focused on the top 10 web application risks, as defined by the Open Web Application Security Project (OWASP). These risks include:
- Broken access control
- Cryptographic failures
- Injection
- Insecure design
- Security misconfiguration
- Vulnerable and outdated components
- Identification and authentication failures
- Software and data integrity failures
- Security logging and monitoring failures
- Server-side request forgery
Case Study

Multinational government contractor updates training after phishing prevention campaign uncovers vulnerabilities
Case Study

Financial services company confirms security of web-facing applications and minimizes risk
Social engineering
Today’s attackers focus on the weakest link in your organization, your employees. Employees are the root cause for the majority of ransomware attacks, mailbox compromises leading to wire fraud, or accidental data loss. Ensuring your employees are trained on how to spot a phishing email, how to report a suspicious email or phone call, and how to properly secure your organization’s information is critical to minimizing the security risk of your organization.
Baker Tilly’s social engineering services offer a comprehensive view on employee security risks. Baker Tilly works with our clients to develop customized security training content specific to the risks their organization faces. Our team then delivers that training to your employees and answers questions from the audience to help clarify security risks and proper security procedures to ensure your employees are well informed of their role and responsibilities in securing your organization’s systems and information.
Baker Tilly also offers tailored social engineering testing services aimed at testing the ongoing security awareness of your employees. These tests include phishing emails and phone calls (vishing) based on a tailored approach to maximize the effectiveness of our testing based on your organization’s operations and risk factors.
Case Study

Testing of software company's web portal boosts confidence in security measures
Case Study

Healthcare organization tests technical security controls and internal security awareness training with phishing campaign