According to the Verizon Data Breach Investigations Report for 2019, 34% of data breaches involved internal actors. Unfortunately, many organisations tend to assume that attackers are on the outside of the network and therefore, they only concentrate on perimeter security. If you have a malicious employee, developer, a malware-infected computer or an attacker manages to collect user credentials to VPN into your network, how well will your business protect its assets?
An internal network penetration test can help you understand the vulnerabilities of the workspace better. This will improve your detection mechanisms to identify malware infected computers and usage of stolen credentials. We will help you protect internal data from infiltrators inside your network, providing you with recommendations to resolve the identified issues and reduce the attacker damage potential as much as possible.
Please note that despite the name, these tests do not have to be performed on-site, you can provide us with VPN access to a workstation or similar access and we can work remotely from there (which will be cheaper for you as well). If you require the test to be on-site, please contact us to discuss feasibility.
We do not lock ourselves into any particular list and will review your security from the perspective of a real attacker, using manual testing techniques and also automation where needed, but in a controlled fashion and always with your permission. That said, our Internal Network Penetration Tests are typically aligned to the Penetration Testing Execution Standard (PTES) and NIST SP800-115. Exposed web applications will be tested for high impact issues related to the OWASP Top 10 and the OWASP Testing Guide tests as applicable to the target application. Some examples of this are public. We focus on high impact areas to ensure that critical issues are identified and subsequently eliminated. However, we will always tailor the test to meet your specific needs, for example, maybe your threat model is different and you are worried about a different type of attacker or what your business is trying to protect is simply something not standard, we can help you with that.
Simply contact us, let us know what you need to test. We will revert with some questions to understand the scope, schedule the test and tailor the test to meet your needs, for free. If you want to proceed, we will send you an offer for signing and coordinate the steps together from there.