Protect Your Business with Information Security Consulting
At Caliber Security, we are experts at helping companies protect their business and assets. In addition to penetration testing and vulnerability scanning of networks and applications, we can also review and test the policies and procedures that your people are following to ensure that you’re protecting yourself from future issues.
Network & Systems
Network Penetration Testing
Caliber’s network and infrastructure penetration testing identifies security weaknesses in your network and in the devices within the network. Our skilled testers thoroughly search to identify potential vulnerabilities such as improper security configurations, out-of-date software, missing patches, weak communication algorithms, command injection, and other similar items. For infrastructure penetration tests, we often include the testing of firewalls, switches, virtual and physical servers, and workstations.
Penetration testing is a proactive way to discover exploitable vulnerabilities in your computer systems and networks. For penetration testing, it’s important to understand that basic automated testing is typically not enough to identify all of the major vulnerabilities in your network. At Caliber, we help you gain a thorough understanding by using both automated and manual testing processes. This allows us to go beyond basic testing and provide you with a more robust picture of your vulnerabilities. This information is compiled and presented to you in an actionable and relevant report that gives you a clear path on what to do to remediate issues before an attacker is able to interrupt your business operations.
Vulnerability Scan & Review
Caliber’s network vulnerability scanning service provides a point-in-time view of your system weaknesses. The value in this service is that it identifies low-hanging fruit so that you can effectively and rapidly reduce your overall security risk. This assessment is targeted at computer systems, networking devices, or one or more particular programs and applications that are available across the network. A network vulnerability scan is typically recommended on a quarterly to yearly basis, as it is a critical underpinning for any information security program. Additionally, vulnerability assessments and penetration tests are required for some compliance standards such as PCI. While not required for HIPAA, they are also recommended as a best practice for healthcare organizations that interact with patient data.
The value in our network scanning service is not the scan in and of itself, but rather the actionable relevant reports that we create with it. These reports provide clear direction to you and present an actionable plan to shore up risks. You can count on us to deliver clear, actionable, and relevant analysis and reporting, every time, for your network review.
Mobile, Web, & Desktop Applications
Dynamic Application Security Testing (DAST)
Caliber’s Dynamic Application Security Testing (DAST) services leverage Burp Suite Enterprise to identify and analyze vulnerabilities in your web applications through powerful, real-time scanning. The Caliber DAST tool allows our team to perform thorough and automated security assessments that integrate seamlessly with your development processes. By utilizing Burp Suite’s robust testing capabilities, we can detect critical vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure authentication flows. Caliber DAST can be configured to scan daily, weekly, or monthly.
App & Mobile Penetration Testing
Web Application Penetration Testing (Pen test) is used to determine vulnerabilities in applications that process and/or store sensitive information. This typically includes credit card data, personally identifiable information (PII), and other proprietary data. Our web application penetration testers attempt to obtain access to and gather sensitive information from your applications; we then help you determine where the risks associated with those application vulnerabilities lie.
To fully test your apps, it’s important to know the difference between basic vulnerability testing and a high-skill attack simulation. At Caliber, our testing methodology goes deeper than traditional penetration test companies, to provide you with a complete picture of your information security vulnerabilities. We also incorporate your company’s unique requirements and risk factors into our analysis to ensure the most effective testing and remediation recommendations.
App & Mobile Vulnerability Scan & Review
We use scanning tools to identify vulnerabilities in your applications and mobile software. The results of the vulnerability scans help inform you about known and potential vulnerabilities, so those weaknesses can be addressed and managed.
What is most important about any app or mobile vulnerability scan is the interpretation of the output of the scanning results. All too often in the information security industry we see boilerplate reporting with a lot of copy and paste, and no clear direction on what to do to resolve identified vulnerabilities. Are all of the vulnerabilities equally important? How are you supposed to resolve them? And where should you begin? We interpret and prioritize the data to provide you with a roadmap to resolving issues in a way that makes sense and provides the most value to your specific business. You can count on us to deliver clear, actionable analysis and reporting for all of your security needs.
Operations
Social Engineering, Phishing, and Physical Penetration Testing
Social engineering is basically a penetration test against people within an organization. It provides a true assessment of an organization’s security training and awareness practices. By performing social engineering assessments of your organization, Caliber is able to establish a baseline security posture and make recommendations for modifying and developing stronger policies and procedures.
Caliber can provide three different levels of social engineering threat modeling based on your security needs: low, medium, or high risk. All of our social engineering is done in adherence to ethical guidelines. The output of our threat modeling is an actionable and relevant report that will provide you with a roadmap to develop better security procedures. Our reports contain security metrics from social engineering that are consistent and reusable. For us, it’s not good enough to simply do a pass/fail social engineering test, which produces no actionable output. We look at pass/fail rates as percentages, as opposed to just saying you failed and proving to you that we can break your security. We also adhere to the standard of non-attribution: we want to help fix the process and educate employees, not blame the person who made a mistake. These are all reasons why most of our clients find our social engineering service to be a little different and a lot better than what other companies do.