iViZ Security

Network and System Penetration Testing

iViZ's Network Penetration Test is more comprehensive than conventional Network vulnerability assessment by using an attacker-oriented approach. By going beyond simple vulnerability testing, iViZ's network testing also exploits them to find the real threats thereby enabling organization to effectively prioritize and remeditate them to drastically improve overall security posture.




Comprehensive Internal & External Network Security Testing

iViZ Security solution provides exhaustive network security testing on your internet network security infrastructure either from within your network or outside over the Internet. While black-box testing is best conducted from outside your network, a comprehensive "Multi-Stage Attack Path" testing as well as protocol link analysis is most effective when done from within your network. iViZ's Network Testing simulates the same methods that an attacker would follow to exploit multiple network security weaknesses in different combinations. Individually, some network vulnerability may not be critical, but when combined in certain ways, they can compromise your business-critical data or computer network.

Back to Top





How Network Penetration Testing works?

Internal On-Demand Network Testing:

Network penetration testing on internal servers and network devices are carried out using iViZ Security Appliance from within your network. The appliance comes with pre-installed with iViZ Security patent-pending technology software and conducts comprehensive testing without having to go over the Internet. Further this appliance can conduct additional network protocol link analysis and multi-stage attack analysis inside your computer network. The below section details the methodology used in the network vulnerability assessment to optimize the network security testing system.

Network Penetration Testing, Network Security Testing

External On-Demand Network Testing:

Network penetration testing on external facing servers and public network devices are carried out from iViZ Security SOC (Security operations center) remotely over the Internet using iViZ's patent-pending technology. The section below details the methodology used in the network security testing process.

Network Vulnerability Assessment, Vulnerability Testing
Back to Top




iViZ Network Assessment Methodology

iViZ Security uses comprehensive methodology to perform the network assessment. The result of the network vulnerability Assessment is further used to do deeper Protocol Link Analysis as well as Multi-Stage Attack Analysis. iViZ Security conducts vulnerability assessments for small businesses to large regional infrastructures and has made significant strides in the network security communities for identifying, quantifying, and prioritizing the vulnerabilities in a system.



Internal On Demand Assessments:

network vulnerability assessment


External on Demand Assessments:

network security testing
Back to Top





Solution Delivery

iViZ Security provides on-demand delivery for all Over-The-Internet testing solutions. In the case of Internal Network Testing, it is done using iViZ Security Appliance with pre-installed software. In both cases, the test reports and remediation recommendations are accessible anytime on the iViZ Security Management Portals.



Internal On-Demand Testing:

network penetration testing

Delivery Features of Internal On-Demand Testing

  • Assisted registration of internal network and server devices on your network.
  • Assisted test scheduling at your convenience.
  • Assisted installation of iViZ Security Appliance within your net.
  • Generation of comprehensive report based on automated testing coupled with expert validation on the tests to provide in-depth and comprehensive coverage.
  • Anytime access to vulnerability testing results & remediation reports on iViZ Security on-demand portal.

External On-Demand Testing:

vulnerability testing

Delivery Features of External On-Demand Testing

  • Self-Service registration and maintenance of your hosts & applications using iViZ Security on-demand portal.
  • Test scheduling at your convenience.
  • Automatic test launch based on your schedule directly and remotely from iViZ Security SOC (Security Operation Center).
  • Email alerts to keep you updated on test progress.
  • Generation of comprehensive report based on automated testing coupled with expert validation on the tests to provide in-depth and comprehensive coverage.
  • Anytime access to vulnerability testing results & remediation reports on iViZ Security on-demand portal.
Back to Top


Benefits of iViZ Network Testing

Reduce Cost, Time & Effort Using On-Demand Platform

iViZ Security's unique On-Demand delivery platform and architecture is built to provide SaaS (Software as a Service) experience to our customers. On-Demand delivery significantly reduces the time and cost of conducting a conventional network security testing effort. Customers can conduct periodic & regular Network Testing using this platform. The advantages of using a hosted solution are:

  • No Installation Overheads.
  • No Software/Hardware Expenses.
  • No Maintenance: 100% Remotely Managed.
  • Subscription Based Cost Effective Solution.
  • Automated Compliance Reporting Support for PCI-DSS, ISO 27001, SOX, SANS TOP20, OWASP TOP 10 etc.,

The above unique features reduce cost, time & effort required on your side as well as significantly enhances your ability to proactively manage your network security posture.


Identify "Real" Threats Through Multiple Stage Attack Analysis

Conventional testing involves manual methods which miss out on enumerating all possible attack paths. Also, a Network vulnerability assessment results in too many threat possibilities overwhelming your IT organization's ability to handle. To counter these challenges, iViZ Security technology provides two

Multi-Stage Attack Analysis provides a comprehensive schematic representation of all possible attack paths. It helps identify & prioritize the "real" threats using the knowledge of relationship between different hosts in your network and how even minor vulnerabilities in some can be used to exploit other critical systems based on their inter-dependent relationship.

Threat Scenario Modeling helps users to simulate multiple threat scenarios by selecting one or more nodes as malicious attacker nodes and another set of nodes as target critical systems.

Both the above provide a clear prioritized list of vulnerabilities for your organization's internet network security framework IT to focus on remediation. This is beneficial in identifying attack paths that often go un-noticed.


Find Network Link & Protocol Level Vulnerabilities

Vulnerabilities occur not only in the systems but also in the computer network communication link and also during the user interactions. iViZ Security technology tests communication links and vulnerable protocols and finds out potential network security threats. It can capture in-transit traffic like emails, plaintext passwords, files etc.


Exploit Systems and Application Vulnerabilities

iViZ Security conducts automatic exploitation of vulnerable hosts using number of exploits for nearly all platforms - Windows, all flavors of UNIX including Solaris, BSD etc., Numerous exploits developed for different platforms, operating systems and applications, and multiple combinations of these are available.


Compliance Wizard & Flexible Reporting For Effective Remediation

Compliance Wizard & Flexible Reporting For Effective Remediation iViZ Security provides comprehensive reports designed for management, developers, QA engineers, system managers and security professionals, providing them full visibility & control of their security needs. The reports are customizable so that users have full control of content and layout.

iViZ Security provides out-of-the-box compliance reporting through compliance wizard with data auto-fill. It also suggests gap areas and conformance to standards through comprehensive templates for PCI-DSS, ISO-27001, HIPAA, SOX, GLBA, California Senate Bill No. 1386 and others.


Monitor Trends With Test Audit History

iViZ Security can store your previous test history data providing you with rich trend intelligence information to help manage your internet network security posture effectively. Succeeding audits highlight the remediation status reported in earlier audits along with their severity levels. This helps keep track of security activities and find clues of possible attacks.

Back to Top





Penetration Testing Approaches

iViZ provides three approaches for penetration testing:

  • Zero-Knowledge Test (Black Box)
  • Partial Knowledge Test (Gray Box)
  • Full Knowledge Test (White Box)

Zero Knowledge Test:

In this approach, the Penetration Test team with no real information about the target environment. This type of test is designed to provide the most realistic penetration test possible since attackers, in many cases, start with no real knowledge of the target system.


Partial Knowledge:

In this approach the test team is provided with information a motivated attacker is likely to find. This approach saves time and expense. It is used if there is a specific kind of attack or specific targeted host that customers want to have the penetration test team focus on. To conduct a partial knowledge test, the test team is provided with such documents as policy and network topology documents, asset inventory, and other valuable information.


Full Knowledge:

In the full-knowledge test, the penetration test team has as much information about the client environment as possible. This approach is designed to simulate an attacker who has intimate knowledge of the target organization's systems, such as an actual employee would possess.

Back to Top



Who should conduct?

If your organization relies on computer networks and applications for your business, it is recommended to conduct penetration testing that includes:

  • Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
  • Bespoke development (dynamic web sites, in-house applications etc.)
  • Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)

If your business is in any of the below industries , you should actively consider carrying out security testing.

  • Banking, finance and insurance
  • Information technology and consulting
  • Online Retail/ Ecommerce
  • Manufacturing
  • Telecommunications
  • Research and development
  • Government
  • Television/Media

Additionally if your organization has any of these compliance and regulatory requirement, penetration test will help you achieve those easily:

  • ISO 27001
  • PCI
  • SOX
  • HIPPA
  • COBIT
Back to Top




Why choose iViZ Security?

  • World's first on-demand network penetration testing company
  • World's first company to build "Artificial Intelligence" tool that simulates human hacker intelligence for quicker and comprehensive testing
  • Multi-Stage Attack Analysis detects all possible attack paths unlike non-comprehensive conventional test methods.
  • Unique Patent-Pending security technology which addresses the gaps in the current day security testing methodology. (Read More on iViZ Technology)
  • World class team and technology: World's Top 8 Innovative Technology (By Intel and UC Berkeley) and World's Top 6 Security Startups(London Business School, Homeland Security and Pentagon) (View iViZ Awards)
Back to Top

Copyright © 2005-2009 iViZ Techno Solutions Pvt. Ltd. All rights reserved.