Determine the Strength of Your Network Security with Penetration Testing
Penetration testing is a simulated cyberattack and a form of ethical hacking. A penetration test attempts to infiltrate an organization’s security defenses to find any vulnerabilities that can be exploited. Completing a penetration test is a good way to simulate threats applied to your unique environment.
Penetration testing is often prescribed as part of a comprehensive Security Risk Assessment (SRA). It is recommended that a penetration test be performed on an annual basis to mark improvements in reducing risk and to accommodate evolving vulnerabilities.
What does a penetration test entail?
Penetration testing includes four high-level activities:
- Planning – This is the information gathering phase and includes the assets to be assessed, the threats of interest against the assets, and the security controls to be used to mitigate those threats
- Discovery – This phase involves identifying the vulnerabilities and validating them when appropriate
- Attacking – This phase contains the simulated attack on an organization’s environment
- Reporting – This phase contains the risk-prioritized results of the simulated attack including an analysis of the identified vulnerabilities, root causes, and mitigation
The Tego Approach
Tego understands the value of simulating an attack on an environment in prioritizing cyber risk. When properly executed, a penetration test will yield results that properly identify highest priority risks facilitating effective investment in mitigating solutions. Our approach aligns with the guidance provided by NIST 800-115.
Internal Penetration Testing assumes an adversary has gained a foothold in the environment and proceeds through a simulated attack: gaining a foothold/access, escalation of privileges, environment observations and the installation of additional tools to prove risk to the confidentiality, integrity and availability of protected data.
External Penetration Testing evaluates an environment’s perimeter for vectors through which an adversary may gain access to the environment. Popular vectors to be tested include remote access services and common vulnerabilities found in the software of devices protecting the environment from outsiders.
Web/Social Engineering Penetration Testing test your users by trying to convince them to take an action that will allow an adversary to circumvent technical protections intended to thwart an attack. Your users are your biggest risk and this test will help determine gaps in training.
For more information on penetration testing, contact us today.