Infrastructure Penetration Testing
Protect your digital assets: ensure your organisation’s defences are effective.
How we can assist:
Whether it’s hosted in the cloud, internally, or externally, we have multiple scenarios to simulate an attacker who might attempt to breach your network.
Tesserent technical assurance & testing services infrastructure assessments will assist your organisation in identifying exploitable vulnerabilities that may be found in your network.
Whether you are looking to meet compliance requirements such as PCI or ISO27001 or want to have a better understanding of your current attack surface, Tesserent security experts can assist you to ensure you not only meet those requirements, but will validate that your current defence posture holds up against a cyber-attack.
Tesserent External Infrastructure methodology uses both manual and automated testing of your organisation’s public facing infrastructure (for example websites and email servers) to determine if an external attacker can breach your perimeter.
What you gain from External Penetration Testing:
The Tesserent approach to internal infrastructure penetration testing is to simulate an internal attacker, potentially an employee or contractor, who has access to your internal network.
This is done by exploiting vulnerabilities and finding the attack path that a potential internal threat actor could utilise to gain access to sensitive data.
Your organisation’s internal network, (file servers, workstations, etc.), is exposed to threats from:
Organisations are encouraged to test the internal network at least as frequently as they do the external perimeter.
The Tesserent report generated as the output of this work is designed for both executive/board level and technical staff.
What do you gain from Internal Penetration Testing?
Find a company you trust
Trust is fundamental. You will be allowing this company to access your systems, customer data and sensitive company intelligence. In effect, you’ll be permitting access into the inner workings of your organisation’s operations. Be sure that they can be trusted with your data and they have a proven track record. When was the company established and how many penetration tests they have performed for large security focused organisations? Ask if they have worked with clients in your industry sector and can provide references.
Can they meet my brief, or help me define it?
To get the best value for your IT security investment, you need to know exactly where you need help, why and what you want security tested. As the saying goes, the better the brief the better the job, so clearly define your objectives and outcomes from the start.
Are they able to answer my questions?
Ask questions about the testing methodology. What defined procedures and tools does the company use? How do they protect your business and data during the testing? How do they remove false positives? How many classes of testings are performed? How are complex multi-stage attacks covered?
Is the testing out-sourced, sub-contracted or in-house?
Remember that a company does not conduct a penetration test, people do. No matter which company you go with, it always comes down to the person or the team you have working on your business. Find out who exactly will be conducting the testing, is it outsourced, sub-contracted or in-house? Ask to see their credentials and interview them by phone, Zoom or in person. Finally, ask if you can be provided with interesting findings as they occur throughout the testing.
Can they show you a typical report?
Up front, ask the company exactly what you will receive at the end of the penetration test. Ask to see what a real-world deliverable looks like. A quality report should detail the key findings and provide solid remediation advice, in priority order, to address every issue found. In short, the final report should be a valuable tool with a clearly defined action plan on the best ways to remediate vulnerabilities. Quality reports also detail how to re-test each vulnerability once the identified flaws have been fixed.
Almost all our assurance team is based in Australia and New Zealand. We do have some staff that work internationally, often because they have relocated for personal reasons but want to keep working with us. All our staff have gone through rigorous security checks.
Each engagement is unique and tailored to your environment, and the agreed scope of works for testing. A penetration test is largely priced based on the estimated number of days required to complete the engagement.
We have conducted tens of thousands of penetration tests over the last two decades. We start by listening.
Tesserent has extensive experience with complex architecture designs gained through years of experience working with clients of all sizes, industries and structures. As we are watching threat activity on a daily basis, we’re is constantly learning about the latest attack techniques, exploits and security flaws. Our methodology covers:
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.