External

Internal

Web Applications

Social Engineering

PCI

WiFi

Mobile Applications

Cadra Cadence

Full Penetration Testing:

Real-world, simulated attack conducted by hackers. Certified with Offensive Security Certified Professional (OSCP) and other certifications, this service is also known as manual penetration testing. In this endeav-or, engineers use dozens of tools, reconnaissance, and scripts, development and engineering experience to find, exploit and professionally document network, device and/or application vulnerabilities. The service includes report debrief and advisement as well as free remediation testing in 30 days.

Hybrid or Automated Penetration Testing :

Similar to full penetration testing, the hybrid test is conducted by certified engineers, but only one automated pen test tool is used and exploits are only validated and attempted on high or critical risk items. No reconnaissance is conducted for credential-harvesting and login attempt purposes. Additionally, a full report is not offered on medium-risk vulnerabilities. No remediation testing is included. This option may not pass PCI, ISO 27001, FedRAMP or other regulatory or compliances but is a good option for a budget- constrained situation.

Continuous Threat Exposure Management (CTEM) Subscription:

For Internal and external IP environments, Cadra CTEM using Shield technology is a monthly subscription at just a few dollars per IP per month, in which scans can be automated at a monthly cadence, checking Active Directory for misconfigurations, attempting first-level exploits and validations on discovered vulnerabilities, and generally providing a higher level of threat discovery than scans alone.

Managed Vulnerability Scanning:

Standard quarterly external or internal vulnerability scanning simply reports on discovered ports and services with possible vulnerabilities against the CVE database. It is an inexpensive baseline of red team service to ensure servers are patched, software and hardware updated and is a simple part of basic cyber hygiene.

Cadra Cadence :

This is the highest level of red team service, combining full manual penetration testing with a cadence of CTEM or, at the application level, authenticated hybrid testing on a quarterly or monthly basis. For example, some organizations will have their full annual, manual penetration test on web application, internal and/or external scope; followed by a quarterly cadence of hybrid testing on the same scope.