
Below is a list of some of our service offerings:
SimIS offers penetration testing as a distinct service, where other companies often use the terms “vulnerability assessment” and “penetration testing” interchangeably. While a vulnerability assessment does provide value to a client when meeting audit or compliance requirements, it does not necessarily expose the true business impact of a specific vulnerability or chain of vulnerabilities. Our consultants have spent years conducting penetration testing against some of the nation's most sensitive and well-protected networks, more often than not achieving full control of the target network and all computer systems on it. However, our goal is not purely to penetrate systems and networks. Rather, the goal is a qualitative business impact analysis of the issue.
SimIS has developed proprietary methodologies, tools and techniques for infiltration and escalation of privilege on networks. SimIS penetration testing is much more than simply running a single known vulnerability scanning tool and reformatting the raw output. The value of this service offering resides in our staff's expert knowledge and use of several customized tools and techniques. At your request, our consultants can also employ social engineering techniques to help our clients obtain a more complete awareness of human vulnerabilities.
Our consultants understand the challenges associated with performing assessments against systems and networks that require a high level of availability. SimIS has developed specific methodologies for performing vulnerability assessments to deliver valuable and accurate reporting while ensuring system availability and minimal performance impact for critical systems. SimIS can also perform vulnerability assessments for your organization to fulfill audit and compliance requirements.
It's a well-known fact that the nation's adversaries are making a concerted effort to penetrate our government and commercial networks. Their goal is to steal both intellectual property and our nation's defense and intelligence secrets. Their efforts are relentless; they have the expertise, time, resources, and capabilities, and this threat must be taken seriously. SimIS can use a variety of tactics and efforts that accurately emulate a number of different threat levels, from the unskilled script kiddie seeking glory to the nation-state level. We live on the bleeding edge of Information Security, immersing ourselves in the underground hacking community to learn hacker tactics and tools. Our consultants have a great amount of experience conducting Red Team operations against certain Federal government agencies and can easily translate this experience to the private sector.
SimIS offers affordable periodic vulnerability scans that are designed to identify potential vulnerabilities as they are made public. The first step is to obtain a baseline of accessible systems and services. The follow-on scans will then identify discrepancies from the baseline, alerting your organization to these changes. While this type of service is easy to automate and conduct without human analysis, our consultants will be involved in each step, providing a more thorough test. You define the time period, designate the network to be scanned, and we will meet your needs. SimIS can also monitor websites or even specific web pages for changes, alerting you to a potential security breach.
Implementation of a secure wireless network can be a difficult task with this ever-changing technology. New standards for wireless networking have constantly been developed and introduced since the technology's creation. Our consultants have specific expertise in wireless networking and can readily demonstrate the security impact of your wireless network, or those networks owned by other organizations in close proximity. An improperly configured wireless network or client can provide an anonymous back door into a corporate network, leading to the compromise of IT infrastructure, confidential information, and trade secrets. SimIS consultants have expertise in performing wireless assessments in both corporate and government verticals, including retail wireless Point of Sales (WPOS) systems, commercial hotspots (network and web application authentication and billing methods), and industrial environments.
Our consultants have performed web application assessments against a variety of highly customized environments. Our methodologies are heavily based upon highly skilled manual testing in conjunction with tools used to identify security issues. Long before the terms “cross-site scripting” and “SQL injection” were coined, SimIS consultants were assessing the security of web applications with a heavy emphasis on the banking and finance industry. Whether you have developed a customized web application or implemented a COTS (Commercial Off-The-Shelf) solution, SimIS can provide assessment services to ensure that your data and your clients' data will remain protected.
SimIS has a significant amount of experience supporting several different Federal government agencies in developing their C&A packages. SimIS is experienced in the development of all phases and pieces of the C&A package, including the ISSP (Information System Security Plan), the Vulnerability Assessment, the Risk Assessment, ST&E (Security Testing and Evaluation), POAMs (Plan of Action and Milestones), and of course Penetration Testing.
- Penetration Testing
- Vulnerability Assessments
- Red Teaming
- Periodic Vulnerability Scans
- Wireless Network Assessment
- Web Application Assessment
- Certification and Accreditation Support