Red team penetration testing
Find out what it takes to get in
What is penetration testing?
Penetration testing is a simulated attack on your network, orchestrated by a certified security engineer or group of security engineers who attempt to compromise your network and digital assets. Assets generally include sensitive information the company needs to protect, such as credit card information and user data. Of course, all of our experts are trained so as not to cause any damage or delete any data during the exercise. The goal is to expose flaws and breaches in order to demonstrate how much data could be stolen, or how your infrastructure and security team would cope with a real-life attack.
In order for the simulated attack to be as close as possible to real life, we can attempt to break into your network using all means available and without any prior knowledge of your network (black box testing). All data can be gathered from publicly available sources or from our own internal assessment procedures. Sharing some information prior to the test (grey box testing) usually helps uncover more vulnerabilities. But for maximum efficiency, opening the source code to our team (white box testing) typically offers the best coverage to uncover as many vulnerabilities as possible.
Why perform penetration tests?
Increases in high-profile data breaches, affecting millions of people, continue to make headlines. Today more than ever, information is power. Too many companies fail to protect their Intellectual Property or their clients' personal information, which can lead to substantial financial losses and in some cases bankruptcy. So why risk your business over a potential data breach?
All companies that have a website and tangible assets which are accessible online should consider penetration testing on a regular basis. Furthermore, IT Security Compliance regulations and guidelines require an organisation to regularly conduct independent testing of the Information Security Program to identify vulnerabilities.
Yes, certifications matter.
If you are going to trust a company to attempt to penetrate your network and potentially handle sensitive data, you need complete trust in their ethics, loyalty and qualifications.
All of our highly skilled security engineers hold one or more of these certifications: ISO 27001 Lead Auditor, OSCP, CISSP, CISM, CLAS, CISA, CREST, STAR, CEH, OWASP, SANS / CWE, TIGER Scheme. Silent Breach invests heavily in ongoing training programs to enable our employees to be at the cutting edge of infosec.
In addition, Silent Breach regularly sends our staff to leading IT security training at conferences such as Black Hat and DEF CON. In collaboration with our security partners, Silent Breach invests in uncovering 0-day exploits and in developing our own tools to find vulnerabilities and security holes.
Finally, Silent Breach participates in contests such as Capture The Flag (CTF) to measure our teams against the best experts in the industry.
How often should companies conduct penetration tests?
More and more organisations are looking to proactively tighten security, and conducting penetration tests on a regular basis is the perfect place to start.
Silent Breach offers comprehensive recurrent data breach testing programs to keep your business safe today and tomorrow. Because new 0-day exploits are crafted every day, new bugs are uncovered, and hackers always find new creative ways to compromise your network, penetration tests need to be conducted on a regular basis to ensure all the latest security patches are in place and your business is safe.
For recurrent testing and more comprehensive all-around protection, please consider our Managed Defense Program.
External
External penetration testing is the attempt to compromise your assets from outside your perimeter network. In order to protect yourself from outside threats, we test all internet-facing components (websites, email servers, DNS servers, and so on) for potential security gaps that would allow an attacker to breach the system and gather or damage sensitive data.
Internal
In excess of two thirds of computer intrusions originate from within the company. Internal attacks can have a disproportionately large impact on a business and its processes given the nature of internal trust relationships. Inside information gives an attacker an important edge in stealing sensitive information or bringing down critical services of the company.
Black Box
Black box testing refers to testing a system without any prior knowledge of the target. All information is gathered either from public sources or through a specific assessment of the client's infrastructure. Black box testing is usually preferred to simulate real-life attacks from external hackers.
White Box
White box testing refers to testing a system with shared knowledge of the system, in full collaboration with the client and their technical staff. White box testing is usually preferred when simulating internal attacks, where an employee might exploit well-known flaws in the system.
Grey Box
Unsurprisingly, grey box testing is a combination of black and white box testing, meaning that we will conduct penetration testing with a limited amount of information on the target(s). This is usually preferred for cost efficiency reasons, to save time in the gathering of information required during black box testing, which can be very time-consuming (and costly).
There are different levels of tests that we can perform, depending on the package you subscribe to. They range from basic sanity checks to full team attacks on live systems.
| Tier | Tier 1 / opportunistic | Tier 2 / full coverage | Tier 3 / determined attack | Tier 4 / redteam attack |
|---|---|---|---|---|
| Duration | 1 week | 2 weeks | 2 weeks | 4 weeks |
| Post patching verification | yes | yes | yes | yes |
| FREE if no breach | no | no | no | yes (*) |
| Cost | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet |
Your network evolves, new security flaws are found every day, hackers are getting smarter; protect your business today and tomorrow.
| Duration | Quarterly Tier 1 tests | Quarterly Tier 2 tests | Quarterly Tier 3 tests | Quarterly Tier 3 tests + bi-annual Tier 4 tests | Quarterly Tier 4 tests + bi-annual Tier 5 tests |
| Cost | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet |