WHAT IS PENETRATION TESTING?
Penetration testing (also called ‘pen testing’ or more commonly ‘ethical hacking’) is the practice of testing computer systems, networks, and web applications to find vulnerabilities that attackers could exploit.
A penetration test is an information security assessment which simulates an attack against an organisation’s IT assets. Our ethical hackers examine your IT systems for any weaknesses that genuine attackers could use to compromise the confidentiality, availability, or integrity of the network and associated data.
Below you will find more details on each type of Penetration Test offered by ThinkMarble.
WHAT VALUE DO I GET FROM A PENETRATION TEST?
A ThinkMarble penetration test will produce Technical and Management reports containing vulnerabilities, remediation steps, and guidance. This allows you to plan and prioritise any improvements to the way you process and store your data, thereby reducing your organisational risk.
Yet, whilst this is valuable in itself, there is a lot of additional value that may not be immediately obvious. For example, by demonstrating a commitment to responsible and secure processes, you build trust with your Clients, Partners, and regulating bodies, showing them that you take your security obligations seriously.
From a commercial perspective, a penetration test can help close new business opportunities. If your customers are regulated, they may, in turn, need you to show that your products, services or environments are security tested regularly. Being able to demonstrate this as part of your negotiations may be critical to you receiving the order.
At the end of the penetration testing and remediation processes, you can be sure that ThinkMarble has assisted in ensuring that your business is now more aware, and cyber secure.
Advanced Cyber Security Threat Detection and Vulnerability Assessment solution
Penetration tests conducted in the same way as actual malicious hackers would attack
Latest tools and techniques used by our ethical hackers
Not always necessary for our ethical hackers to be at your premises
Comprehensive reporting explaining each exploitable vulnerability
Detailed remediation and resolution steps to enhance your cyber security
Provide real information on vulnerabilities within your IT infrastructure
Compliance adherence. Certain standards and certification bodies require penetration testing
Providing your Clients and stakeholders with a clear message that you take cyber security seriously
Thoroughly tests your existing cyber-security defence capabilities
Protect your reputation and brand
24/7/365 Security Operations Centre staffed by highly skilled and certified security experts
WHAT IS AN ETHICAL HACKER, AKA THE RED TEAM?
The Red Team can be considered the actual Pen Testers. Their primary objective/goal is to emulate the mindset of an attacker; to try and crack open all of the present weaknesses and vulnerabilities in the systems. In other words, it is the Red Team that attacks all possible fronts.
INTERNAL PEN TESTING
Our ThinkMarble Internal Penetration Test examines internal IT systems for any weaknesses that could disrupt the confidentiality, availability, or integrity of the network. The organisation can then address each weakness.
EXTERNAL PEN TESTING
An External Penetration Test examines external IP address ranges or IT systems for any weakness that could disrupt the confidentiality, availability, or integrity of the network. The organisation can then address each weakness.
THERE ARE TWO MAJOR CLASSES OF PENETRATION TEST:
‘Black box’ testing is when our Penetration Testers are not given any prior information about the target network or system. This simulates conditions in the wild, as external hackers must probe and pry at their real-life targets to discover access points and weaknesses.
This contrasts with ‘White box’ testing, where testers are provided with proprietary information such as network diagrams, passwords, application source code, IP addresses, etc., in an attempt to identify existing vulnerabilities in a known configuration.
TYPICAL PENETRATION TEST PROCESS:
Real-world and Online Reconnaissance:
The testers search multiple sources to obtain information about your organisation
Probe for Points of Access:
The testers will try to discover ways of infiltrating your network
Attempts at Vulnerability Exploitation:
Rigorous testing using specialist software tools and methods
Brute Force Penetration Attempts:
Sustained hacking attempts of user credentials
Social Engineering Tricks:
An assortment of different techniques to obtain user credentials and information
Testers will attempt to gain control of computers and devices on your network
Having taken over a network resource, they use it as a springboard to search for other valuable targets
Collection of Corroborating Evidence:
The testers will extract something from your network to prove they successfully gained access
The testers will produce full documentation of findings with recommended remediation steps
Follow up Penetration Test:
Ensures remediation steps have been implemented