INTRUSIVE AND NON-INTRUSIVE
What is it?
Testing describes a range of technical services that seek to safely replicate the means, tools and methods used by attackers, in order to accurately assess a client’s resilience to those attacks. Those attacks may be internet-borne hacking, insider covert data exfiltration, social engineering or physical attacks against premises and equipment. Net-Defence will create a tailored threat assessment to ensure the level of attack sophistication and persistence that we employ is appropriate to your core business and threat level. Similarly, when we make recommendations and work-plans for any required remediation, we will set the bar at the right level, whether that’s a commercial IPR threat or a Government Classified System.
Why do clients need it?
Clients need assurance that their protection and defences are working as expected and aligned with the types of threat they are likely to face.
Infrastructures change over time, and a number of smaller changes, when brought together, can create a significantly larger weakness than any of the single component parts.
New vulnerabilities are released hourly and testing helps to provide assurance that the defences are evolving to keep pace with the threats and vulnerabilities.
Independent, certified testing provides any business with confidence that their organisation is resilient to attack.
Ratifying a design for a new infrastructure and capturing security issues at the feasibility and design phase is far less costly than rebuilding and reconfiguration post-installation.
The following testing services are available and will be tailored on a client-by-client basis to ensure a bespoke test focusses on the most important aspects of any client’s business:
External, internet-borne penetration testing in order to attempt to infiltrate a network or system.
Vulnerability analysis, which identifies potential security issues within networks and systems but is less intrusive and seeks only to discover, report and suggest remediation.
An assessment of the organisation’s security maturity level in order to understand an appropriate level of testing. As clients become more mature in their management of security, the testing rigour is decreased as the assurance comes from operational tasks, rather than point-in-time testing.
Internal business process resilience testing employs multiple techniques in order to attack a system including targeted social engineering, business process analysis and internal unauthorised covert electronic attack. This is particularly useful for a client wishing to understand how a fraud may be perpetrated, or data stolen using staff as an attack tool.
Internal vulnerability testing of systems, networks, equipment, databases, applications and access controls to understand potential attack methods and remediate weaknesses.