Security Testing
Cheat Sheet
What security tests should your organization run and how often should these tests be performed? Find out in this handy cheat sheet of today’s best practices!
| Service | Overview | Recommended Frequency |
|---|---|---|
 Penetration Testing |
The goal of a penetration test is to identify weaknesses in your technology environment, and demonstrate the risk to your organization. During a penetration test, ethical hackers simulate a cyberattack to uncover security gaps such as unpatched vulnerabilities, system misconfigurations, authentication weaknesses, session issues and more. |
Annually or upon major changes |
 Continuous Penetration Testing |
Your organization needs a continuous, proactive approach to identifying and mitigating security weaknesses. Our expert penetration testers routinely scan for vulnerabilities, conduct manual exploitation, and provide ongoing insights and recommendations to protect against evolving threats. | Continuously! |
| Vulnerability Scanning |
In today’s threat landscape, monitoring your external attack surface is critical. Continuously scan your Internet-facing systems to protect against software exploits and quickly identify exposed or vulnerable assets. Our solution continuously monitors your attack surface, discovers unpatched vulnerabilities, verifies patch status, and more. | Continuously! |
 Web App Pentesting |
The security of web applications degrades over time as new vulnerabilities are uncovered. With many organizations using over 100 web apps, pentesting is now a foundational security practice for organizations to identify and mitigate vulnerabilities in SaaS platforms and web applications before the hackers find them. | Annually or upon major changes |
 Attack Detection & Response Testing |
How do you know your monitoring is effective? Find out! LMG’s experts will launch a simulated attack and test your detection and response capabilities. Our methodical, timed, testing can include reconnaissance, vulnerability scanning activities and exploitation attempts. Throughout the testing process, we will keep meticulous, timebased records of the simulated “attacker” activities for post-test analysis. |
Annually |
 Cloud Configuration Review |
Cloud breaches are all too common. LMG will review a variety of technical controls, including: access and sharing, authentication, encryption, monitoring, logs, automatic back-up schedules and much more. Our team provides a detailed report that helps you close security gaps, refine internal policies and reduce your cloud security risks. Platforms include AWS, Azure, Microsoft Office 365, Google Cloud, and more. | Annually or upon major changes |
 Red Team Testing |
Can hackers penetrate your network and gain access to your sensitive data or impact operations? Find out with a red team test. A highly skilled team of experienced penetration testers are given creative freedom to “think like hackers” and see how far they can go in your network. The red team will have customized goals, and use a combination of attack techniques to not only penetrate your network, but also identify and exploit vulnerabilities in your people, processes, facilities and technology to capture their target data. |
Annually |
