Internal Penetration Testing
Assessing your internal network is a layered process – scanning alone will not find all vulnerabilities. Our expertise in compliance-driven industries will improve your overall security posture.
Vulnerabilities can be virtually everywhere on your network, ranging from old software that needs a security patch from the vendor and weak system configurations to vulnerabilities hiding in custom applications on your network that can be exploited to gain direct or privileged access to your network. With the introduction of cloud infrastructure, vulnerabilities have extended further into hosted environments that may have ties to the internal networks.
The search terms “vulnerability scan assessment,” “manual penetration test,” and “pen test companies” are often used interchangeably, due in great part to marketing hype and sloppy use of terms like “scanning.” Scanning is not penetration testing: automated vulnerability scanners are limited to scanning for known vulnerabilities. Deep-dive manual penetration testing simulates the overt actions of a malicious attacker, producing real-world results on actual vulnerabilities.
Because NetSPI is driven by an across-the-board corporate culture that’s passionate about delivering the highest-value findings and recommendations possible, we do more than basic scanning, findings assessment, and manual penetration testing. Our experienced ethical hackers leverage commercial, open source, and proprietary software tools to attempt to gain unauthorized access to your networks, systems, hosts, applications, and sensitive or restricted data (e.g., PCI data, PHI, company IP, etc.).
NetSPI’s internal network vulnerability assessment service is fully customized to every client’s requirements. The service typically includes a comprehensive, process-driven, and methodical scan/assess/attack program for assessing the security status of your internal network. Potential vulnerabilities identified by the initial scanning efforts are then verified to eliminate false positives. NetSPI experts thoroughly analyze the remainder and manually probe for any unidentified vulnerabilities the scanners couldn’t find.
NetSPI performs a final, detailed review of all tasks performed during the engagement by our testers (including detailed notes, screenshots, video captures, etc.), final remediation recommendations, and additional reports designed specifically to keep senior management informed with an executive summary.
USE NETSPI RESOLVE™ FOR INTERNAL PENETRATION TESTING
Resolve is essential for every internal penetration testing project. It allows the test results to be customized in various ways, such as focusing on a particular host in a network with many hosts, or on how potential entry points can be exploited via different escalation paths. Resolve includes “white hat tips” to guide testers in exploring potential vulnerabilities and documenting them for future use by other NetSPI testers. Our proven testing methodology:
- Ensures consistency across tests and testers
- Provides a repeatable testing methodology
- Correlates and normalizes scanning data from multiple tools and rounds of scanning into clear remediation recommendations
- NetSPI’s comprehensive coverage approach provides senior-consulting oversight on every project, enabling your company to leverage the expertise of the entire team of specialists to give you world-class consulting without impacting your budget
- Our consulting services utilize NetSPI Resolve™ to automate vulnerability results, data aggregation, and reporting so our ethical hackers can focus on providing your organization 20% more vulnerabilities at a higher criticality than our competitors
- Expert testing in a reasonable time frame, and at a reasonable cost
- Skilled, experienced manual ethical hackers
- Mature, highly-disciplined, well-documented processes
- A tester “playbook” containing the very latest attack methods, scripts, and techniques (our top-secret stuff)
- A current-to-the-minute knowledge base
- A broad set of commercial, open source, and proprietary tools
- Detailed and actionable final remediation instruction and guidance