Penetration Testing for Networks
What is Penetration Testing?
Penetration testing, or ethical hacking, involves Intertek actively testing websites, devices and infrastructure for security vulnerabilities, so that any such weakness may be closed before it’s identified and exploited by a hacker.
Why do we need Penetration Testing?
The need to test the security of an organisation’s network defences and key systems has never been greater, driven by the growth in connected devices, remote working and cloud-based applications and the increasing frequency, sophistication and damaging nature of cyber-attacks.
A regular cycle of penetration testing:
- Can help identify new weaknesses in infrastructure or applications which could be exploited by hackers
- Demonstrates a responsible attitude towards the protection of data
- Shows a proactive risk management process in a rapidly evolving field
Intertek’s approach to Penetration Testing
Intertek’s penetration tests are delivered by experienced and qualified testers following an agreed methodology and using safe and proven tools. Intertek will provide you with a prioritised list of security weaknesses alongside cost effective actions to improve security.
Penetration testing can help you address both assurance and certification needs:
- Assurance - Enabling you to identify and mitigate the intrinsic risk in your networks, operations, supply chains and business processes
- Certification – Formally confirming that your products and services meet trusted external and internal standards (see dedicated section)
Tests can support you in securing a range of system types including:
- Web sites and applications
- Network and cloud infrastructure
- Workstations and mobile devices
- Connected devices (IoT)
Tests can be performed from an external perspective to target Internet facing systems, and from an internal perspective to assess servers and end user devices.
The objective of a penetration test assignment will be tailored to your requirements and may include:
- Network wide – targeting all systems to establish baseline security against your internet and internal footprint
- System focused – assessing the configuration of a new server build or web application release
As well as ‘traditional’ pen testing, Intertek also provides Red Teaming services. A Red Team project closely simulates a real-world hack, with Intertek’s experts assessing potential organizational weaknesses, gathering intelligence and then launching a mock cyber-attack in real time, using similar techniques to real hackers, such as phishing attacks. Because only the most senior members of the client are aware of the project, a Red Team project also exercises the client’s internal cyber security team, providing invaluable practice in responding to sophisticated severe cyber-attacks.