The techniques, tactics and procedures of modern cyber attackers are increasing in sophistication and frequency at an alarming rate. As a result, the landscape in which organizations manage critical data, assets and finances is both complex and unpredictable. To be resilient, a cyber security strategy that focuses on both the internal and external vulnerabilities and threats facing an organization is key. Such an approach provides an understanding of the given organization’s risk status while facilitating the implementation of informed and appropriate counter measures.
As a broad introduction to MWR’s penetration testing services, the following categories apply
A penetration test is typically an assessment of the IT infrastructure, networks and business applications to identify attack vectors, vulnerabilities and control weaknesses. While traditional penetration testing is effective at detecting various system vulnerabilities, there is no guarantee that an attacker will make use of these noted vulnerabilities. Moreover, sophisticated attackers are likely to execute an attack that is specific to a pre-identified asset. A more targeted testing process is therefore needed to address the risk of such attacks.
Goal-oriented penetration testing by MWR is more tailored than traditional penetration testing. By mimicking the approach an attacker would take according to an organization’s critical assets, this form of penetration testing will provide a focused report that incorporates the most relevant vulnerabilities.
As most attacks are initiated by external threat actors, an outside-in approach to security is a good starting point when assessing an organisation’s risk status. Moreover, while it is useful to know what an attacker can do once on a network, they first need to access it from the outside. As such, the resilience of the perimeter of an organisation’s IT infrastructure is necessary for attack prevention. Knowledge regarding this part of one’s infrastructure is important as it is the best place to stop an attack.
External penetration testing by MWR will determine the likelihood of an adversary gaining access into an organisation’s internal network. It will provide the organisation with information regarding why and how such an attack is possible. When performed regularly and in addition to other preventative counter measures, the results of external penetration testing will help to improve an organisation’s security status.