Penetration testing uses a variety of tests to try to exploit vulnerabilities in your security systems, on either a ‘lite’ or ‘deep’ level. It’s usually designed with a specific goal in mind – access to HR records, for example – to test the strength of your security defences. We use both ‘white box’ and ‘black box’ pen testing. White box testing uses pre-disclosed information (like server functions, usernames and passwords), whereas black box tests are performed with very little knowledge of the target system.
Peace of mind… Once your security is in place, how do you gauge how well it’s functioning? Don’t wait until you’re under threat from a security breach. Pen testing isn’t designed to highlight every vulnerability in the system, but takes a defined path to test your objectives. It can also expand beyond your network or application to include social engineering or physical security tests, where we target specific users or parts of the system to check for security weaknesses.
Combine a vulnerability audit – which scans your network for vulnerabilities – with activity from a penetration tester, manually testing to verify the audit and reporting back, setting out how security was breached, with suggestions for recalibrating your security plans.
We recommend testing every new piece of equipment you install, or running a vulnerability audit and lite pen test every four months.
Full – or deep – penetration testing targets areas not covered in a ‘lite’ audit, including things like compromised switches, old databases with passwords and back-end processing password weaknesses. These can be exploited by hackers to access your network and gain sensitive data – full penetration testing mimics the hack so that you can reinforce your security from a position of knowledge.
Ensure that current security policies, controls and technologies work
Make sure your system is compliant, and identify any risk that could affect your business
Peace of mind that critical data is protected
Check your network, web applications and wireless, and a defined number of IP addresses
Use ‘social engineering’ to contact employees via email for phishing or malware attacks, and contact employees via phone to elicit information
Both full penetration and pen testing lite options, to suit your business
SysGroup take security seriously. That’s why we’re trusted by customers large and small across the retail, financial services and charities sectors. When we work with you, we set clear security objectives, working out exactly what you want to achieve, and test it to make sure it’s robust and effective. And then we suggest any remedies or updates you need to make sure security is as robust as possible.