Consulting to Improve Your Security Posture

NIST 800-171: 3.11.2

KLC Consulting performs Ethical Hacking Consulting (Penetration Test and Vulnerability Assessment Consulting) to evaluate and improve your organization’s security posture in compliance with NIST 800-171 and CMMC 2.0. We present findings together with our recommendations to strengthen your cybersecurity defense and we’re ready to help with remediation.

Vulnerability Assessment for CMMC

A Vulnerability Assessment discovers security vulnerabilities within an organization’s information system environment. You come away with a better understanding of assets, security flaws, and overall risk. And our recommendations reduce the likelihood that a cybercriminal can breach your system.

Internal Penetration Test (a PenTest) for CMMC

An Internal Penetration Test simulates how an external (or internal) attacker would move through an information system environment to reach sensitive or protected information. A penetration test is therefore the logical next step after a Vulnerability Assessment for improving security posture.

Note that people often use the terms “Vulnerability Assessment” and “Penetration Test” interchangeably, but they are very different. A useful analogy: a Vulnerability Assessment identifies how a burglar could break into your home, while a Penetration Test identifies which assets the burglar can find once inside, and how they could steal, destroy, or hold them hostage.

Web Application Penetration Testing for CMMC

KLC is an Ethical Hacking Consultant. We perform Web Application Penetration Tests to identify security weaknesses across an entire web application, its APIs, and its components (source code, database, back-end network, etc.). Our Pen-Tester develops a simulated attack using manual, automated, and customized proprietary tools.

Wireless Network Assessment for CMMC

BYOD (Bring Your Own Device) and Wireless Networks provide employee convenience but add another potential attack surface. A Wireless Network Assessment includes a full audit of your BYOD policy and improves the overall maturity of your business’s security posture.

Social Engineering (Simulated Spear Phishing)

A Spear Phishing or Business Email Compromise (BEC) attack relies on human fallibility (“Social Engineering”) rather than a hardware or software vulnerability. It’s a surreptitious email attack seemingly from a trusted source that targets specific individuals or departments within an organization to trick people into sending money, handing over sensitive information, or even just downloading malware. The authors of these attacks use lies, trickery, forgery, and outright manipulation to succeed. Most cyber-attacks and successful data breaches begin with a spear-phishing email. So we conduct simulated spear-phishing attacks to help identify weaknesses in security posture, evaluate perimeter software defense, and recommend improvements to employee training.

Check out our FREE phishing email training video series

Call for an Introductory No-Cost Consultation: 617.314.9721  x158

Social Engineering (Physical) for CMMC

Physical social engineering is an onsite, face-to-face, simulated attack. Using a client-approved pretext scenario, our tester poses as a credentialed IT/telephone technician or building maintenance person, requesting access to or sneaking into secure IT areas in order to perform a Penetration Test from the inside. The goal is to evaluate security controls over physical access and related employee preparedness.

Digital Footprint Analysis for CMMC

We gather the public information available to hackers, since collecting it is often the first step in a targeted attack. If attackers can use system configurations or applications to distinguish valid usernames from invalid ones, they can launch a targeted Spear Phishing campaign or mount brute-force or password-guessing attacks against legitimate user accounts and gain access to sensitive systems and resources.

Firewall Configuration Review for CMMC

We review the firewall configuration and rule sets to ensure that the actual configurations, and the traffic flowing through the firewalls, match the approved configuration restrictions.

Check out our conversation with Penetration Testing expert – Chris Centore, OSCP

“The most critical factor in CMMC Level 2 compliance is discerning the CUI you handle, segregating it, and minimizing its footprint within your business organization.”

– Kyle Lai, CISSP, CISA, and President
KLC Consulting, Inc.

Sail Through CMMC Compliance With Our 7-Step Navigator

Check out our YouTube channel and LinkedIn pages for the latest informational and educational resources for Cybersecurity Maturity Model Certification.