External Network Penetration Test
A penetration test or an ethical hack, is an authorised simulated attack on an internal or external network. It is a service designed to test your organisations network defences.
Penetration testing will typically test from the perspective of both an authenticated and non-authenticated user to ensure your network is critically assessed to identify any vulnerabilities from the potential exploit of a rogue internal user, or an unauthorised attack.
Sec-1 uses a blend of methodologies taken from industry best practice standards including:
- Open Source Security Testing Methodology Manual (OSSTMM)
- Open Web Application Security Project (OWASP)
- Council of Registered Ethical Security Testers (CREST).
Both Internal and External Penetration Test services provide a report that is comprehensive, clear and concise. The report is designed to provide information for a diverse audience of readers and includes:
- Executive Summary. The opening section of the report provides, in plain English, an executive summary overview of the entire assessment including recommendations to improve the security posture of the in-scope environment.
- Graphical Summary. Key findings are ranked, split into three impact categories and positioned in a graphical table according to the relative risk or likelihood of exploit.
- Security Evaluation by Category. The evaluation ratings compare information gathered during the course of the engagement to “best in class” criteria for security standards. An evaluation of “Excellent”, “Satisfactory”, “Fair” or “Improvement Required” is provided. Each category includes a best practice statement, evaluation result and recommendation to achieve best practice.
- Vulnerability Analysis. This section provides a detailed description of each discovered flaw including any necessary technical information and corrective recommendations.
- Exploitation Probability. Each listed vulnerability is assigned a “Probability” rating based upon how likely the vulnerability is to be exploited.
- Tests are delivered under industry best practice methodologies by qualified consultants
- Determines the security level of your externally or internally facing infrastructure
- Provides clear instruction on how to further secure your infrastructure
The Sec-1 Difference
When it comes to maximising WatchGuard products and integrating robust and secure solutions, Sec-1 have the edge. Designed to meet the needs of specific sectors, types of organisations, and compliance standards, our tailored solutions are trusted by leading private and public sector organisations throughout the UK.