Threat Risk Assessment Services
by IthacaLabs™
Assess your ability to stop,
contain and mitigate attacks

Odyssey’s Threat Risk Assessment services by IthacaLabs™ help your organization Identify, Quantify and Prioritize Vulnerabilities and configuration Weaknesses found in your mission-critical systems, applications, IoT, network and security devices, whether in the cloud and/or on-premises. Through Threat Risk Assessment services by IthacaLabs™ you are able to assess your organization’s readiness, resilience, risk level and response capabilities in stopping, containing and mitigating targeted attacks.
Combined Experience
Over 20 years of combined experience in diverse security areas, and with more than 1000 tailor-made assessments under their belt.
Combined Expertise
IthacaLabs™ team is supported by 140 cybersecurity consultants and engineers from other departments within Odyssey.
World-class ethical hackers
The team includes industry experts with a plethora of global achievements and certifications who constantly stay one step ahead of the information-threat curve, delivering high-quality up-to-date results.
Holistic Methodology
The IthacaLabs™ methodology takes a 360° approach to be penetration testing process.
Following the strictest requirements
Delivers high-quality service and results by following the strictest framework requirements of PCI DSS.
Our Services
Ethical Hacking Exploitation Exercises
Sophisticated cyberattacks constantly evolve and can easily avoid detection, hide their malicious activity and exploit seemingly insignificant vulnerabilities. Simulating an attack under controlled conditions is probably the best way to realize how intruders could actually approach your External perimeter, internal network, Wireless network, VoIP and applications such as Mobile apps, Web-based, or client-based and also reveal the actual risk posed to your company by a potential compromise. An Ethical Hacking Exploitation exercise is a simulation of real-world attacks that involves authorized persons’ use of attacking methods simulating hostile intruders’ techniques. Such exercises are using the same tools and techniques as an adversary might. Odyssey’s Ethical Hacking Exploitation exercises help you optimize your return on investment while offering highly customized and tailored solutions that suit your individual needs.
External Penetration Testing (BlackBox)
An Ethical Hacking exercise is a simulation of real-world attacks that involves authorized persons’ use of attacking methods simulating hostile intruders’ techniques.
Ethical Hacking is designed to answer how effective your existing security controls are against an active, human, skilled cybercriminal in the real world. Ethical Hacking exercises focus on the external perimeter of the organization and proactively identify and exploit critical exposures in operating systems, services and applications across your enterprise.
Internal Penetration Testing (BlackBox/GrayBox)
Internal penetration test is designed to answer how effective your internal security controls are against an active, human, skilled cybercriminal in the real world with access to the internal network. Such Ethical Hacking exercises focus on the internal network of the organization and proactively identify critical exposures in networks (VoIP, Data-Centre, Users-LAN etc.) operating systems, services and applications across your enterprise.
Tailored Penetration Testing (BlackBox/GrayBox)
i) Web Application Penetration Test
Web Application penetration testing exercises are designed to answer how robust, reliable and secure are your web applications and how effective your existing security controls are against an active, human, skilled cybercriminal in the real world. Web Application penetration testing exercises focus on the internet accessible and internal web applications of the organization and proactively identify critical exposures in the web applications, underlying infrastructure and the communication between the web application clients and servers.
ii) Mobile Application Penetration Test
Mobile Application penetration testing services proactively detect critical exposures in mobile application platforms (iOS & Android), services and applications across your mobile enterprise, to identify how protective measures might be misused, mismanaged, attacked, or incorrectly configured. A comprehensive approach to risk management is required to safeguard your Mobile Applications and data.
iii) Wireless Penetration Test
A Wireless assessment is a simulation of real-world attacks that involves authorized persons’ use of attacking methods mimicking cybercriminals’ techniques. Wireless Network Penetration Testing is designed to answer what is the real-world effectiveness of your existing security controls against an active, human, skilled cybercriminal. This test focuses on the wireless network infrastructure of the organization and proactively identifies critical exposures in devices and hosts connected to your network.
iv) Remote Access (VPN) Penetration Test
A Remote Access (VPN) assessment is a simulation of real-world attacks that involves authorized persons’ use of attacking methods mimicking cybercriminals’ techniques. Remote Access (VPN) Penetration Testing is designed to answer what is the real-world effectiveness of your existing security controls against a skilled cybercriminal targeting your Remote Access services (VPN).
Red Teaming for Readiness & Resilience
A Red Teaming engagement assess your readiness, resilience and response capabilities by simulating realistic cyberattack campaigns directly targeting your organization. Imagine a team of world-class ethical hackers unleashing a series of simulated, pre-agreed and transparent attack campaigns, on a technological and premises accessibility level, with the aim of uncovering weaknesses in your digital and/or physical security defenses. The end result is a detailed report on findings accompanied by specific recommendations and lessons learned to help you with your overall security objectives based on your organizational risk appetite. Red Teaming bolsters your security defenses and processes by drastically improving your organization’s readiness, resilience and response capabilities against risks posed by people, processes and technology. Experience how your security procedures and personnel fare under real-world attack scenarios, such as data theft, espionage, extortion, sabotage, cyber warfare.
Vulnerability Assessment
A vulnerability assessment is a systematic process of identifying, quantifying and prioritizing vulnerabilities and configuration weaknesses in a system, an application or a network component and other parts of the IT ecosystem. It evaluates if the system is susceptible to any known vulnerabilities, and assess organization’s exposure to targeted cyber-attacks. Furthermore, the vulnerability assessment process assigns severity levels to those vulnerabilities, providing security teams and other stakeholders with the information needed in order to analyze and prioritize risks for potential remediation in the proper context. It seeks to identify how protective measures might be misused, mismanaged, attacked, or incorrectly configured. An efficient scanning and vulnerability remediation process improves the security posture of an organization and reduces security liabilities. In addition, Vulnerability Assessment services can be used for regulatory and compliance purposes once executed by approved tools and methodology such as the PCI ASV scans.
Vulnerability Scanning
A Vulnerability Assessment is the regular process of identifying, quantifying and prioritizing the vulnerabilities in a system, an application or a network component without exploiting the identified issues. It seeks to identify how protective measures might be misused, mismanaged or incorrectly configured. An efficient scanning and vulnerability remediation process improves the security posture of an organization and reduces security liabilities.
PCI ASV Scanning Services
Vulnerability Assessment services proactively detect critical exposures in operating systems, services and applications across your Cardholder Data Environment (CDE), seeking to identify how protective measures might be misused, mismanaged, attacked, or incorrectly configured. A comprehensive approach to risk management, including quarterly or ad hoc external network scans, is required to safeguard your valuable assets, and keep your organization compliant with the PCI DSS.
Social Engineering
Social Engineering describes a non-technical type of intrusion that relies heavily on human interaction. During a Social Engineering attack, perpetrators mislead a person, usually an authorized employee whose real identity was acquired, into performing actions that they should not. Perpetrators then use information collected through Social Engineering attacks to bypass normal security procedures or physical access controls and cause severe damage to your entire organization.
Odyssey’s Social Engineering services help you optimize your return on investment while highly customized and tailored solutions that suit your specific needs. Our IthacaLabs™ team of experts undertake the design and execution of a series of Social Engineering tests leveraging a variety of techniques to identify and address security weaknesses that a hostile intruder could utilize for gaining unauthorized access to the organization’s systems through the Internet, telephone or physically.
Incident Response & Digital Forensics Ad-Hoc Assessment
During a breach’s investigation, it is vital for the affected organization to detect the root cause as quickly as possible in order for the threat to be contained and for the impact to be minimal. Often this can only be achieved through in-depth digital forensics or computer forensic investigation.
Odyssey’s Incident Response and Digital Forensics services investigate the incident and search for clues by following the chain of custody to extract the critical information you need to understand precisely what happened using a six-step process; Preparation, Detection & Analysis, Containment, Eradication, Recovery, Post Incident Review.
Security Configuration Audit
A Secure Configuration audit is a detailed review and verification of the configuration settings of security devices and network components including also Cloud Security compensating controls to leverage and maximize the gain of your investment of the IT environment. Such audits needs to be performed on different levels and can be perfectly aligned with an organization’s defense in depth security strategy.
Odyssey’s Security Configuration Audit Assessment services protect your return on investment while at the same time offer highly customized and tailored solutions that suit your specific needs.
Related Resources
TALK WITH
AN ADVISOR
Our advisors are standing by to address any of your enquires. Request a callback now.
