Penetration testing by MWR

Page icon

The techniques, tactics and procedures of modern cyber attackers are increasing in sophistication and frequency at an alarming rate. As a result, the landscape in which organizations manage critical data, assets and finances is both complex and unpredictable. To be resilient, a cyber security strategy that focuses on both the internal and external vulnerabilities and threats facing an organization is key. Such an approach provides an understanding of the given organization’s risk status while facilitating the implementation of informed and appropriate counter measures.

As a broad introduction to MWR’s penetration testing services, the following categories apply

Goal-oriented penetration testing: testing according to your organisation’s assets

A penetration test is typically an assessment of the IT infrastructure, networks and business applications to identify attack vectors, vulnerabilities and control weaknesses. While traditional penetration testing is effective at detecting various system vulnerabilities, there is no guarantee that an attacker will make use of these noted vulnerabilities. Moreover, sophisticated attackers are likely to execute an attack that is specific to a pre-identified asset. A more targeted testing process is therefore needed to address the risk of such attacks.

Goal-oriented penetration testing by MWR is more tailored than traditional penetration testing. By mimicking the approach an attacker would take according to an organization’s critical assets, this form of penetration testing will provide a focused report that incorporates the most relevant vulnerabilities. 

External penetration testing: understanding your perimeter

As most attacks are initiated by external threat actors, an outside-in approach to security is a good starting point when assessing an organisation’s risk status. Moreover, while it is useful to know what an attacker can do once on a network, they first need to access it from the outside. As such, the resilience of the perimeter of an organisation’s IT infrastructure is necessary for attack prevention. Knowledge regarding this part of one’s infrastructure is important as it is the best place to stop an attack.

External penetration testing by MWR will determine the likelihood of an adversary gaining access into an organisation’s internal network. It will provide the organisation with information regarding why and how such an attack is possible. When performed regularly and in addition to other preventative counter measures, the results of external penetration testing will help to improve an organisation’s security status.

 

 

 

Request a call back

Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.