Strong Exploits LLC Achieves Vendor Certification Status for Commonwealth of Pennsylvania Supplier Management System

Michael Lassiter • October 17, 2022

PA DGS Validates Strong Exploits LLC

Strong Exploits LLC, a company composed of cybersecurity professionals across multiple domains, has been granted a contract by the Commonwealth of Pennsylvania to provide cybersecurity services. The contract, which is authorized under Section 517 of the Procurement Code, enables Strong Exploits LLC to be solicited by the Commonwealth of Pennsylvania for quote submission opportunities and to bid directly on non-public opportunities. Strong Exploits will provide the Commonwealth of Pennsylvania with the following categories of services:
  • Ethical Hacking & Penetration Testing
  • Managed Security Services
  • Vulnerability Discovery & Management
  • Security Consulting
  • Regulatory & Compliance
Strong Exploits LLC is a small business that operates out of central Pennsylvania, and its consultants have extensive experience in executing offensive security engagements. The numerous sectors served include, but are not limited to, healthcare, finance, product security, managed security services, telecommunications and hospitality. For more information, please visit www.strongexploits.com
By Michael Lassiter November 14, 2022
Penetration Testing: It works WITH You

Penetration testing has long been seen in the cybersecurity industry as a solely offensive security measure. Although the procedure is offensive in nature, it can be used as a method to protect an entity from compromise by an attacker. In some circumstances a penetration test can discover evidence of a possible data breach or an unknown intrusion in a network. It also gives possible attack vectors a chance of being mitigated or patched before they can be compromised.

WHY INTRUSION PREVENTION ISN'T ENOUGH?

Intrusion prevention systems (IPS) are often implemented to block malicious activity and prevent intrusion attempts from an external attacker. These countermeasures rely heavily on pre-configured rules and settings that collectively raise an alert on suspicious activity. Intrusion prevention systems are also known for generating false positives, because at times they cannot distinguish between malicious and normal traffic. A black hat hacker could take advantage of this flaw and disguise intentionally malicious traffic as normal traffic by interacting with an open, yet unnecessary port and service.

Which Do I Need? Penetration Testing or Red Team Engagement?

The needs of the agency, company or organization determine whether there is a use case for a penetration test or a red team engagement. Contrary to common belief, red teaming and penetration testing are not entirely synonymous, because the scopes of the two processes are strongly distinct. The primary goal of a penetration test is to discover as many vulnerabilities as possible and properly exploit them within the guidelines of the scope. Some compliance standards, such as PCI DSS and ISO 27001, require penetration testing, and require it as well when a significant change to the infrastructure has taken place. Awareness of vulnerabilities and weaknesses is an absolute necessity when compliance expects the entity to be knowledgeable of the threats.

The sole purpose of a Red Team Engagement is to test the response capabilities of the agency and the alert communication strategies of the client. The target of a Red Team Engagement is typically more focused than that of a penetration test, and the duration of the engagement is much longer. Because the Red Team agrees upon goals that fall within the rules of engagement, specific vulnerabilities are targeted where compromising them could lead to achieving those goals.