A network vulnerability assessment is a way for your organisation to assess the strength of the security of a particular network. It helps identify possible security vulnerabilities and loopholes in your network that a hacker could use to exploit and cause serious harm to your organisation. The process involves examining your public facing infrastructure, and what is present in your internal network.
An external assessment involves our ethical hackers looking at your network from the outside looking in, the same way a cybercriminal would view your organisation. Our team will map out your public facing network, and any services that can be detected. This information can be used to identify vulnerabilities that hackers would use to attempt to break into your network. Our team will produce a report highlighting these vulnerabilities and make recommendations on how to mitigate risk and increase resilience.
An internal assessment will detail to your organisation what a hacker could do if they gained access to your office network. This stage simulates an attacker who has successfully breached your internal network perimeter and is attempting to exploit any services present within the infrastructure. For instance, this would simulate a rogue cleaner or visitor connecting to your internal network or a malicious hacker successfully breaching an external device or service and using this to gain a foothold on your internal network. Our Ethical Hacking team will identify weaknesses and vulnerabilities in your network that a hacker would use to cause serious business disruption and harm. Our team will produce a report highlighting these vulnerabilities and make recommendations on how to mitigate risk and increase resilience.
Each test conducted will result in a comprehensive report with the following key sections:
- Executive Summary – A high-level overview of the test that was undertaken, and a non-technical summary of the results found and what level of risk they present to your organisation
- Methodology – What tests were undertaken in a more technical language, useful for IT professionals within the organisation.
- Findings and Results – A comprehensive list of the results of the test, including a severity categorisation of the vulnerabilities found, steps to reproduce the result, and recommendations for mitigating or resolving the vulnerability
With each test, the timeframe for reporting is within 6 weeks of the test-taking place.