PENETRATION TESTING

Our expert ethical hackers and penetration testers provide a unique internal/external Penetration Testing service to analyse your cyber-security defences.

WHAT IS PENETRATION TESTING?

Penetration testing (also called ‘pen testing’ or more commonly ‘ethical hacking’) is the practice of testing computer systems, networks, and web applications to find vulnerabilities that attackers could exploit.

A penetration test is an information security assessment which simulates an attack against an organisation’s IT assets. Our ethical hackers examine your IT systems for any weaknesses that genuine attackers use to compromise the confidentiality, availability, or integrity of the network and associated data.

Underneath you will find more details on each type of Penetration Test offered by ThinkMarble.

WHAT VALUE DO I GET FROM A PENETRATION TEST?

A ThinkMarble penetration test will produce Technical and Management reports containing vulnerabilities, remediation steps, and guidance. This allows you to plan and prioritise any improvements to the way you process and store your data, thereby reducing your organisational risk.

Yet, whilst this is valuable in itself, there is a lot of additional value that may not be immediately obvious. For example, by demonstrating a commitment to responsible and secure processes, you show your Clients, Partners, and regulating bodies that you take your security obligations seriously, which builds trust.

From a commercial perspective, a penetration test can help close new business opportunities. If your customers are regulated, they may, in turn, need you to show that your products, services or environments are security tested regularly. Being able to demonstrate this as part of your negotiations may be critical to you receiving the order.

At the end of the penetration testing and remediation processes, you can be sure that ThinkMarble has assisted in ensuring that your business is now more aware, and cyber secure.

SERVICE FEATURES

Advanced Cyber Security Threat Detection and Vulnerability Assessment solution

Penetration tests conducted in the same way as actual malicious hackers

Latest tools and techniques used by our ethical hackers

Not always necessary for our ethical hackers to be at your premises

Comprehensive reporting explaining each exploitable vulnerability

Detailed remediation and resolution steps to enhance your cyber security

SERVICE BENEFITS

Provides real information on vulnerabilities within your IT infrastructure

Compliance adherence. Certain standards and certification bodies require penetration testing

Gives your Clients and stakeholders a clear message that you take cyber security seriously

Thoroughly tests your existing cyber-security defence capabilities

Protects your reputation and brand

24/7/365 Security Operations Centre staffed by highly skilled and certified security experts

WHAT IS AN ETHICAL HACKER, AKA THE RED TEAM?

The Red Team can be considered the actual Pen Testers. Their primary objective is to emulate the mindset of an attacker and to try to crack open all of the present weaknesses and vulnerabilities in the systems. In other words, it is the Red Team that attacks all possible fronts.

INTERNAL PEN TESTING

Our ThinkMarble Internal Penetration Test examines internal IT systems for any weaknesses that could disrupt the confidentiality, availability, or integrity of the network. The organisation can then address each weakness.

EXTERNAL PEN TESTING

An External Penetration Test examines external IP address ranges or IT systems for any weakness that could disrupt the confidentiality, availability, or integrity of the network. The organisation can then address each weakness.

THERE ARE TWO MAJOR CLASSES OF PENETRATION TEST:

‘Black box’ testing is when our Penetration Testers are not given any prior information about the target network or system. This simulates conditions in the wild, as external hackers must probe and pry at their real-life targets to discover access points and weaknesses.

This contrasts with ‘White box’ testing, where testers are provided with proprietary information such as network diagrams, passwords, application source code, IP addresses, etc., in an attempt to identify existing vulnerabilities in a known configuration.

TYPICAL PENETRATION TEST PROCESS:

  1. Real-world and Online Reconnaissance:

    The testers search multiple sources to obtain information about your organisation

  2. Probe for Points of Access:

    The testers will try to discover ways of infiltrating your network

  3. Attempts at Vulnerability Exploitation:

    Rigorous testing using specialist software tools and methods

  4. Brute Force Penetration Attempts:

    Sustained hacking attempts of user credentials

  5. Social Engineering Tricks:

    An assortment of different techniques to obtain user credentials and information

  6. Network Infiltration:

    Testers will attempt to gain control of computers and devices on your network

  7. Pivoting:

    Having taken over a network resource, they use it as a springboard to search for other valuable targets

  8. Collection of Corroborating Evidence:

    The testers will extract something from your network to prove they successfully gained access

  9. Reporting:

    The testers will produce full documentation of findings with recommended remediation steps

  10. Follow up Penetration Test:

    Ensures remediation steps have been implemented


IF YOU ARE UNDER A CYBER-ATTACK, CALL US NOW: +44 (0)333 101 4399