Metris has core expertise in exploiting both computer and human networks. Our penetration testing focuses on utilizing real-world approaches to human and computer network exploitation used by black hat hackers, foreign governments, and industrial competition.
Metris has a wide breadth and depth of experience in information security. Through this experience, we have developed a comprehensive and holistic approach to assisting our clients with identifying, assessing, managing, and mitigating current and emerging security risks that can affect their organization
Traditional penetration testing for commercial markets involves assessing logical and physical controls to determine vulnerabilities that can affect an organization’s security posture. While this approach may identify risks to physical infrastructure and computing networks, it does not account for the complexities faced from the human variable. Metris’ approach to penetration testing involves much more than a conventional assessment of logical and physical controls within an organization. The greatest organizational risk lies within the people and processes responsible for the day-to-day continuity of business services. These vulnerabilities are often overlooked during the course of traditional penetration testing due to the shortened duration of the test and the level of expertise of the penetration-testing provider. Our team draws from their collective past experience in human intelligence operations to formulate a comprehensive, and commercially appropriate, approach to exploiting vulnerabilities within an organization’s employee base.
Our assessments will identify and report vulnerabilities which may lead to the compromise of the confidentiality, integrity, and availability of your data network operations. We communicate these vulnerabilities in our reports in risk-adjusted order – specific to your environment – with calls-to-action and recommendations to remedy or mitigate these risks, taking into context your culture and available resources. Our report of findings will help management focus on the actions that will improve your organization’s security posture.
Our recommendations always focus on systemic problems and practical solutions. Our objective is for remediation efforts to be effective in preventing security problems in the future. To that end, we review our findings with your team to ensure that the vulnerabilities, risks, and mitigation strategy are well understood and that solutions are implemented. If you have specific audit and compliance needs, our solutions will assist you in being proactive with solutions to maintain accreditation and continuity, to include GLBA, HIPAA-HITECH, PCI, and SOX.