Managed Penetration Testing

Always on the lookout for threats

Managed cyber penetration testing assistance

Penetration testing is the manual testing of a computer system or network in order to find and exploit vulnerabilities, or “chinks in the armour”, in a network’s defences. Those vulnerabilities are usually found and exposed via a vulnerability assessment from an approved scanning vendor (ASV).

In layman’s terms, a vulnerability assessment is the equivalent of finding a set of keys at the bottom of a driveway (there’s a vulnerability, but what that vulnerability means is undetermined). A penetration test would be the equivalent of picking those keys up and trying the keys in the lock of the front, back, garage, and car doors in order to test whether the vulnerability can be exploited. Clients will receive both a report outlining all current vulnerabilities and remediation advice for how to address the vulnerabilities found.

Secon can help find the right penetration test for you and immediately put the remediation advice into practice, securing your organisation from potential attacks.

What types of penetration test are there?

Penetration tests typically fall under one of two categories from a credential perspective.

  • Full credentials: The tester is provided with information such as the range of IP addresses, the make and model of firewalls, details of the operating systems used, etc. Additionally, it’s common for the tester to be provided with credentials such as usernames and passwords ahead of the test.
  • No credentials: The tester is provided with no information about the target other than the name of the company. Due to the unknown factor involved, a test with no credentials is typically sandboxed and delivered within a defined timeframe (for example, we’ll attack the network for three days and report on what we find within that time).

Once the issue of credentials has been clarified, there are a number of different types of penetration tests that can be carried out. Some of the most common tests are:

  • External infrastructure test: A test of the external infrastructure, usually in the form of external IP testing.
  • Internal infrastructure test: A test of the internal infrastructure within a network, typically involving a sample of desktops, servers, switches, and routers.
  • Web application test: A test of web applications, typically involving attempts to escalate privileges and use cross-site scripting (XSS).
  • Firewall configuration review: Review of current firewall configuration to ensure there are no conflicting rules in place.
  • Social engineering: Testers will physically breach a building in order to bypass internet security protocols and expose breaches in physical security.

Do I need a penetration test?

Whilst there are many drivers for choosing a penetration test, the most common ones are:

  • Best practice: It’s best practice to regularly carry out a penetration test. Networks are continuously changing, and a penetration test is the best way to establish where new vulnerabilities lie.
  • Compliance: Certain industry or cyber security compliance standards require a penetration test. For example, any organisation that receives card payments must comply with Payment Card Industry (PCI) standards, which mandate an annual penetration test.
  • A major update or network refresh: If your organisation has recently gone through a major update or network refresh, a penetration test can ensure that your network is as secure following the update as it was prior to it.

Why Secon?

Secon has over two decades of experience in the cyber security industry and we know what our clients need.

We work with a broad network of trusted partners and match our clients with the right penetration testing organisation that can carry out both CHECK and CREST certifications.

By working with Secon, our customers can:

  • Utilise existing procurement routes in order to schedule penetration tests with vetted providers
  • Review the final report’s remediation advice with our in-house security experts
  • Consult our team on how to prioritise and implement the advice