Stay secure with the support of BPM’s cybersecurity penetration test and incident assessment specialists.
What sets us apart.
- Experience. Our team of specialists has performed thousands of penetration tests nationwide since 1998.
- Assessment focus. We concentrate on assessment, avoiding conflicts of interest with other services.
- Confidentiality. Our professional, ethical service protects the confidentiality of your operation’s information.
- Commitment. We commit to developing a long-term relationship as your trusted advisor.
Here’s an overview of our services.
- Penetration Tests – includes technical, social engineering, and physical security testing.
- Program Assessments – includes information security program review, risk assessment, and IT general controls audit.
- Supplemental Services – Incident investigations/Forensics including internal malfeasance and fraud, purple teaming, cloud configuration review, OT/ICS/SCADA assessments, ASV scanning, active directory password audit, and training.
Our comprehensive penetration testing approach.
BPM cybersecurity specialists work to identify your information security weaknesses before an attacker does. Also known as “ethical hacking,” our focused penetration testing allows us to identify exploitable vulnerabilities in your infrastructure, applications, people, and processes.
Here’s how it works:
Zero Knowledge Testing scenarios closely mirror how real-world external threat actors attempt to access your sensitive information. It leaves our testers in the dark about as many client details as possible until the testers can ascertain that data, beginning with the test’s information-gathering stage.
Open Book Testing provides assurance for clients looking to work collaboratively with us to assess the functionality and configuration of key systems and controls and identify potential vulnerabilities or work together to ensure vulnerability remediation efforts are effective across all affected systems. This testing method involves sharing credentials, access, and system information, but it allows us to work with you to properly deploy a key application or new security controls, such as an intrusion detection system.
Blended Approach Testing allows us to combine the benefits of both Open Book and Zero Knowledge Testing. Our projects often end up using Blended Approach Testing, which allows our team to access key areas of your systems, enabling deeper visibility while keeping the project scope manageable. It requires coordination to ensure that what’s in and out of bounds is well defined.
Comprehensive Penetration Test
- Technical assessment
- Social engineering
- Physical security
Our proven penetration testing works to thoroughly assess the real-world effectiveness of information security controls. We provide a comprehensive baseline assessment by evaluating your security posture from physical, human, and technological attack vectors. These assessments are then combined into cascading sequences of exploits to gain access to otherwise secure systems.
Application Penetration Test
- Code review
Clients take advantage of our in-depth penetration testing of web and mobile applications from different credentialed perspectives to model the threat populations that present the most significant risks. Our detailed methodology leverages common Open Worldwide Application Security Project (OWASP) top-10 vulnerabilities and the latest industry research to identify and exploit vulnerabilities that could compromise your data.
How can we help you assess your risk management program?
- Program Assessment Services
Information Security Program Review
Our experienced Program Assessors evaluate a client’s documented Information Security Program to determine the program’s adherence to accepted best practices and its institution of organizational governance. This service gives stakeholders insight into the sufficiency of the existing program and provides recommendations to close identified gaps.
Information Security Risk Assessment
In this collaborative process, BPM and the client assess the risks posed to the client’s sensitive information. The assessment includes a threat modeling or asset inventory-based risk assessment methodology. The assessment then determines the likelihood, impact, plan of action, and residual risk that exceeds organizational tolerance.
- Supplemental Services
Breach Assessment / Incident Assessment
If you have, or suspect you have, experienced a breach or incident, we’ll conduct an independent assessment and debrief. Our incident assessment services can also help your organization with employee malfeasance by examining digital evidence to support or refute a suspected breach of the appropriate use policy.
Cloud Security Configuration Review
Our team can relieve some of the stress of migrating to the Cloud via a Cloud Security Configuration Review. It assesses configuration, least privilege, fault tolerance, authentication, and other key security controls.
OT/ICS/SCADA Security Assessment
For organizations with mission-critical operational technology (OT), such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, BPM’s security assessments provide a baseline of security control effectiveness while maintaining uptime.
Active Directory Password Audit
Passwords reign as the modern keys to the kingdom in many organizations. This audit provides insight into the security of the passwords on your Windows network.
Purple Teaming / System Validation
Are you evaluating a new security control’s effectiveness or looking to mitigate known vulnerabilities you can’t simply patch? Our Purple Teaming service combines your internal expertise with our team of proactive security specialists to collaboratively solve security challenges in real time and validate the system is functioning as intended.
Begin the conversation about your cybersecurity assessment needs.
PCI ASV Scans
Are you looking to stay compliant with PCI regulations for processing credit card information? Our easy and affordable scanning service will help you fulfill these requirements.
Incident Response Tabletop Exercise
This exercise is a realistic simulation of a cyber incident that allows organizations to test and evaluate their incident response plans and procedures. Led by experienced cybersecurity professionals, the exercise provides a safe and controlled environment for participants to practice their roles and responsibilities in responding to an incident. Through the exercise, organizations can identify and address gaps in their incident response processes, improving their overall preparedness to effectively handle a real-life cyber event.
Cybersecurity Cultural Assessment
We phish, interview, and eventually survey employees to learn their level of cybersecurity awareness. This provides an indication of where your organization stands regarding cybersecurity readiness, specifically evaluating the people who have access to your systems and tools.
Firewall Configuration Review
Through this review, our team can identify key firewall rules and settings to assess configuration, least privilege, fault tolerance, authentication, and other essential security controls.
WiFi networks can be a highly accessible entryway for a threat actor to gain access to your network. Our assessment determines how susceptible your wireless network is to these attacks.
Systems, Devices, and Hardware
If your organization has a device or proprietary hardware connected to sensitive information, it is good practice to subject it to testing to see the potential consequences of it getting into the wrong hands.
Telework Security Assessment
If your employees are accessing sensitive data in a remote work environment, consider a Telework Security Assessment to determine if your data is being accessed securely.
Live, instructor-led Security Training
- Board/Leadership Cybersecurity Governance Training
- Social Engineering Awareness Training
Financial Institution Services
- Online Banking Assessment
- Core System Security Assessment
- GLBA Gap Analysis
- FedLine Attestation
- SWIFT Attestation