Penetration & Compliance Testing

Secure your assets with assistance from Sakura.

Sakura Sky delivers a broad range of security, penetration, and compliance testing services including vulnerability, configuration, and compliance scanning. Featuring high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, and vulnerability analysis.

With a strong focus on cloud services and web applications, our consultant team will provide a written report with actionable items for implementation.

Scanning & Compliance Management

We offer scanning and discovery managed services including devices, hybrid cloud, content auditing, malware, and more.

Discovery

• Accurate, high-speed asset discovery
• Un-credentialed vulnerability discovery
• Credentialed scanning for system misconfigurations & missing patches

Broad Asset Coverage and Profiling

• Network devices: Firewalls/Routers/Switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
• Offline configuration auditing of network devices
• Virtualization: VMware ESX, ESXi, vSphere, vCenter
• Operating Systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries
• Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
• Web applications: Web servers, web services, OWASP vulnerabilities
• Cloud: Deployed as AWS AMI

Control Systems Auditing

SCADA systems, embedded devices and ICS applications

Sensitive Content Auditing

PII (e.g. credit card numbers, SSNs)

Automatic Scan Analysis

Remediation action priority and scan tuning recommendations.

Threats: Botnet/Malicious Process/Anti-virus Auditing

Detect Viruses, malware, backdoors, hosts communicating with Botnet-Infected systems, known/unknown processes, web services linking to malicious content.

Compliance Auditing

• FFIEC
• FISMA
• CyberScope
• GLBA
• HIPAA/ HITECH
• NERC
• PCI
• SCAP
• SOX

Configuration Auditing

• CERT
• CIS
• COBIT/ITIL
• DISA STIGs
• FDCC
• ISO
• NIST
• NSA