Sakura Sky

Security, Penetration, & Compliance Testing

Security, Penetration, & Compliance Testing

Sakura Sky has introduced a new range of security, penetration, and compliance testing services including vulnerability, configuration, and compliance scanning. Featuring high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, and vulnerability analysis.

With a strong focus on cloud services and web applications, our consultant team will provide a written report with actionable items for implementation.

Discovery

  • Accurate, high-speed asset discovery
  • Un-credentialed vulnerability discovery
  • Credentialed scanning for system misconfigurations & missing patches

Broad Asset Coverage and Profiling

  • Network devices: Firewalls/Routers/Switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
  • Offline configuration auditing of network devices
  • Virtualization: VMware ESX, ESXi, vSphere, vCenter
  • Operating Systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries
  • Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
  • Web applications: Web servers, web services, OWASP vulnerabilities
  • Cloud: Deployed as AWS AMI

Control Systems Auditing

SCADA systems, embedded devices and ICS applications

Sensitive Content Auditing

PII (e.g. credit card numbers, SSNs)

Automatic Scan Analysis

Remediation action priority and scan tuning recommendations.

Threats: Botnet/Malicious Process/Anti-virus Auditing

Detect Viruses, malware, backdoors, hosts communicating with Botnet-Infected systems, known/unknown processes, web services linking to malicious content.

Compliance Auditing

  • FFIEC
  • FISMA
  • CyberScope
  • GLBA
  • HIPAA/ HITECH
  • NERC
  • PCI (not certified)
  • SCAP
  • SOX

Configuration Auditing

  • CERT
  • CIS
  • COBIT/ITIL
  • DISA STIGs
  • FDCC
  • ISO
  • NIST
  • NSA

Please contact our Consulting team for more information.