Our Services
Our engineers are trained, experienced security professionals whose main area of expertise is the analysis of computer networks from the point of view of a hacker.
You could say that we are ethical hackers.
We take on the role of a hacker and critically review every aspect of your system security, from wireless networks to sneaking past your firewall. We thoroughly analyse the results of the test and provide a comprehensive report of our findings. The report is broken down into sections in such a way that everyone involved gets the information they need.
The report starts with a short 1-page synopsis, free of technical language, that succinctly expresses the risks to the organisation. This section is aimed at the people who need to know the business impact without concerning themselves with technical detail. The report follows through with management summaries and highly detailed, technical analysis of the entire penetration test. This section is aimed at the IT department and/or outsourced IT support provider; it provides everything they need to know to address the problems correctly.
The Process
The security of an organisation isn't a one-time affair, but a continuous life cycle designed to protect the company from the risks it faces. At Hoku, we design our penetration testing around your organisation, fitting best practice to your needs. The life cycle begins with:
Scoping. We consult with you and, where necessary, your technical department or IT support provider. Often we find that businesses would prefer not to inform their technical teams of the penetration testing to ensure that the test occurs in an environment that is as close to a real-world hacker attack as possible. Once we agree on which systems are to be tested, when, and how long it will take, we move to the next stage:
Testing. Based on the scope of the project, a security engineer will begin the engagement, analysing and carefully assessing the security of the organisation's IT infrastructure. The penetration test report will be drawn up and presented to your business within the agreed timeframe. Everyone involved will get together for:
Review. The findings will be discussed along with the business impact. A suitable plan for remediation will be drawn up and action points assigned to relevant people to ensure that all vulnerabilities are addressed and resolved. This leads to:
Mitigation. After everyone has completed their assigned duties, the business will be protected from the threats identified during the testing phase. Software and hardware fixes will be implemented where necessary and policies adopted or changed. Training can be given if this is deemed to be of value. Finally, the process can be undertaken again at regular intervals, starting with a scoping session and fulfilling the security life cycle.