Penetration & Compliance Testing

Secure Your Assets With Sakura
Home / Cyber Security & Digital Forensics  / Penetration & Compliance Testing

Sakura Sky delivers a broad range of security, penetration, and compliance testing services including vulnerability, configuration, and compliance scanning. Featuring high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, and vulnerability analysis.

With a strong focus on cloud services and web applications, our consultant team will provide a written report with actionable items for implementation.

We offer scanning and discovery managed services including devices, hybrid cloud, content auditing, malware, and more.

Discovery

  • Accurate, high-speed asset discovery
  • Un-credentialed vulnerability discovery
  • Credentialed scanning for system misconfigurations & missing patches

Broad Asset Coverage and Profiling

  • Network devices: Firewalls/Routers/Switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
  • Offline configuration auditing of network devices
  • Virtualization: VMware ESX, ESXi, vSphere, vCenter
  • Operating Systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries
  • Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
  • Web applications: Web servers, web services, OWASP vulnerabilities
  • Cloud: Deployed as AWS AMI

Control Systems Auditing

  • SCADA systems, embedded devices and ICS applications

Sensitive Content Auditing

  • PII (e.g. credit card numbers, SSNs)

Automatic Scan Analysis

  • Remediation action priority and scan tuning recommendations.

Threats: Botnet/Malicious Process/Anti-virus Auditing

  • Detect Viruses, malware, backdoors, hosts communicating with Botnet-Infected systems, known/unknown processes, web services linking to malicious content.

Compliance Auditing

  • FFIEC
  • FISMA
  • CyberScope
  • GLBA
  • HIPAA/ HITECH
  • NERC
  • PCI (not certified)
  • SCAP
  • SOX

Configuration Auditing

  • CERT
  • CIS
  • COBIT/ITIL
  • DISA STIGs
  • FDCC
  • ISO
  • NIST
  • NSA