Security Answers Blog

Penetration testing is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. This process helps the Commend team find and correct any weaknesses in our security vertical.

Since attackers are constantly finding and creating new technology exploits, it's inefficient to perform any kind of manual exploitation of vulnerabilities. Automating available penetration testing tools is just one part of our overall IT security roadmap.

Commed focused in the first step on CI devices, which are as follows:

• VirtuoSIS, S3, S6
• ISS devices (WS300, ID5, OD10, OD5, IM6)
• BF-SIP devices

Since the system is automated, it can run fully unattended for every new software built for a specific system. This ensures that the latest IT hardening measures are incorporated in every new software release. Over time, Commend will be implementing these measures in other solutions as well.

How Commend's Penetration Testing Works

Commend uses integrated penetration testing tools available on the market to check every firmware update before release. The test attack runs automatically during the development process, and generates a report identifying any vulnerabilities. 

Some of the tests Commend runs are:

• Scanning for open ports, reporting the found open ports and using the found open ports as an input for other tools
• Scanning the Structure Under Test for known vulnerabilities
• Scanning web servers for dangerous files/CGIs, outdated server software and other problems
• Testing a web server’s SSL/TLS settings
• Identifying vulnerabilities of SIP-based products

LEARN MORE ABOUT COMMEND'S PENETRATION TESTING >>

Quality Management

Commend's information security management complies with stringent quality standards as per ISO 27001:2013. Compliance with this standard is audited annually, with required re-certifications every three years. Quality consciousness is essential in an increasingly complex industry like ours, but Commend has always been driven by the urge to go the extra quality mile. Quality counts - and it's our passion to provide quality to count on. Simple as that.

IT Security for Intercom

Passionate commitment to physical and digital security has a long tradition at Commend. No matter how large a Commend system and the underlying network infrastructures are, no matter how it grows and changes, the IT security of our customers and users is of paramount importance and requires cooperation along the entire product value chain, from us as the provider to you, the end user. Of course, there is no simple set-and-forget solution here. IT security is not a fixed state, but a process that requires active management. That's why we've created an IT Security Policy for you, our customers and partners, which provides a general overview of what IT Security by Commend is all about. 

LEARN MORE ABOUT IT SECURITY FOR INTERCOM >>