Our Services
Penetration Testing
Company IT Systems are often complicated, with a large number of moving parts. With so much to secure, it’s easy for something to slip through the cracks. It’s very common for organisations to have a number of vulnerabilities; a combination of insecure out-of-the-box configurations, misconfiguration of settings by over-stretched IT Teams, and the implementation of new systems by Third Party Providers who may not have a security focus can introduce weaknesses leaving your organisation’s data and critical systems vulnerable.
A Penetration Test enables you and your organisation to identify vulnerabilities and security misconfigurations affecting your IT systems before an attacker takes advantage. Armed with both visibility of vulnerabilities and knowledge of the potential impacts of any issues discovered, your IT team or supplier can prioritise what to fix and where.
When working with Pentest Consultants, you’ll work directly with a friendly, professional, qualified consultant to help you identify the best way to complete security testing effectively.
Your tester will take the time to explain the advantages of each testing element without all the technical jargon, allowing you to make informed decisions and maximise the value of your security testing regardless of your security budget.
All our engagements are designed specifically for you, to meet your organisation’s unique requirements, but some example test elements include:
- Internal Network Testing
- Segmentation Testing
- Wireless Network Testing
- External Network Testing
- Web Application Testing
- Mobile Application Testing
- Office 365 / Cloud Reviews
- Stolen Device Testing
- Social Engineering / Phishing
How does it work?
Scope
Often an underrated part of a Penetration Test, you’ll work directly with an experienced penetration tester who will help you to design a comprehensive, cost-effective engagement, regardless of your experience and technical background.
Test
Your test will start on an agreed date, beginning with enumeration of services; basically we confirm/discover what IT Systems you have and where. Systems identified will then be tested with a combination of manual hands-on-keyboard testing and tester-led automated scans.
Communicate
If there’s a high-risk finding, you’ll be told as soon as possible, before your report is ready. We can adjust our technical language and frequency of messages to suit your team. This could be in the form of high-level summary e-mails focusing on the business risk, or working closely at a very technical level with your team/a developer.
Report & Support
Following a security assessment, your report is then produced.
Your report includes an executive summary which outlines the key outcomes of your assessment and the current risk to your organisation. Findings are included within your report with a description, impact, affected hosts, and details of how to deploy a fix.
Let’s work together
Request a no-obligation, free of charge initial consultation with a penetration tester to explore how you work, and where we can help!
Vulnerability Management
Our Pentester-led Vulnerability Management solution aims to help IT teams to actively reduce the number and prevalence of vulnerabilities within your network. With ongoing, regular scanning and co-ordination of findings with your remediation teams, we aim to help with the discovery and triage of new issues, and the close-out of any existing findings.
We start with an onboarding engagement where we work closely with you and your team to discover how your IT systems are configured, what systems you have, and where we could best deploy network scanners.
A series of scheduled, automated scans will be configured to cover your network. Findings will be reviewed/confirmed by a penetration tester, and aggregated into a manageable report and remediation action plan. We’ll work with your remediation team/IT Staff to assign an appropriate remediation target date depending on the risk associated with the vulnerability identified, and the availability of your teams.
When your team have resolved or mitigated an issue, the finding can be retested to confirm that the actions taken were successful.
Monthly reporting helps your organisation to visualise progress made and keep track of whether your organisation is making progress, standing still, or looks like it needs more support.
How does it work?
Discover
Following initial discovery of services, on-going automated scheduled scans and periodic manual discovery help to identify new devices as they’re connected to your network.
We work with your teams to bring any newly discovered devices into scope for vulnerability scanning.
Scan
Tester-configured scheduled scans are run against all in-scope devices on a schedule which fits your organisation.
Where possible without disruption, findings identified are checked / reviewed, then reported.
Report
Findings across your network are aggregated to produce a manageable report and remediation action plan.
We work with your IT Teams to understand the importance of affected IT systems, and assign a target remediation date for findings.
Retest
When findings are believed to have been remediated, or a mitigation action has been completed, the affected service and its findings are retested to confirm whether the vulnerability has been successfully closed out.
The whole cycle of testing starting from “Discover” is then repeated.