The Challenge Companies Face
Unauthorised access to company resources using existing and new vulnerabilities is a serious security concern. Verifying that new and existing applications, networks and systems are not vulnerable to a security risk is key to addressing these vulnerabilities before they can be utilised by unauthorised users. While vulnerability assessments are a "light touch" evaluation to identify gaps and vulnerabilities in your network, further testing is required to show how an attacker would gain access to your environment and use those systems as a base for attacks deeper into the network.
The Solution: Penetration Testing
SecureWorks approaches every penetration test as unique to every organisation. Our methodology is performed by the industry’s top security testers, leveraging our proprietary tactics and intelligence from the SecureWorks Counter Threat Unit™. Both Penetration and Advanced Penetration Tests are designed to show how an attacker would gain unauthorised access to your environment by compromising in-scope systems and highlight pivoting opportunities from compromised hosts. Based on the findings, SecureWorks will discuss the findings with all relevant audiences and provide a customised course of action for both leadership and technical audiences.
We offer the two types of penetration testing:
Penetration Testing goes further to help your organisation meet compliance requirements and shows how an attacker would gain unauthorised access to your environment by compromising your email systems, firewalls, routers, VPN tunnels, web servers and other devices.
- Penetration Test - provides network testing, validates your configuration and patch management, and identifies the steps you can take to improve security.
- Advanced Penetration Test – a more complete test than a penetration test that aims to identify methods a hacker could use to gain full, persistent control of your system, enabling attacks that penetrate deeper into your network.
Key Benefits of Pen Testing:
- Validate internal and/or external security controls, including protections around high-value systems
- Manual testing that simulates current threats, including pivoting and post exploitation
- Satisfy compliance needs, including PCI 3.x, FFIEC, HIPAA
- Confidence in the assessment knowing that the latest threat intelligence and tactics from the SecureWorks Counter Threat Unit™ were utilised
- Tests users in conjunction with your external and internal networks
- Simulates a common real-world threat; spear phishing + external testing that segues into an Internal foothold
- Tests your response and detection capabilities