pentest.co.uk

/penetration_testing/red_teaming

p e n t e s tI N F O R M AT I O N S E C U R I T Y A S S U R A N C E

our_services

-

get in touch

information security assuranceThe issue of information security certainly isn’t a new one and the dangers should be well known to organisations. Yet, year after year, we see organisations of all sizes being caught out by cyber-attacks. Thinking it won’t happen to you is simply no longer an option and increased GDPR fines mean the need to improve information security has never been more important. Founded in 2001, Pentest Limited provides offensive information security consultation, threat analysis, research-led penetration testing & elite red teaming services, all supported by the full-service security portfolio of Shearwater Group plc.

We pride ourselves on our client focused approach and our services are designed to not only uncover IT security vulnerabilities but to support ongoing information security efforts, to pass on our wealth of expertise and to increase the digital resilience of your organisation.

So, whether you’re a multinational looking to protect yourself against an advanced cyber-attack or a smaller organisation looking for initial advice, we’re here to provide you with the information security assurances you need.

Want to find out more about our penetration test & red teaming services? Our security experts are on hand to provide you with all the information and support you need.

T > +44 (0)161 233 0100 E > contact@pentest.co.uk

“Pentest’s work is not just about finding vulnerabilities. Thanks to their ability to clearly interpret and communicate their findings, Pentest researchers play a role in educating Oracle developers about current and emerging security threats that customers will face in real-life deployments”

Duncan Harris, Senior Director Security Assurance, Oracle Corp

-

p e n t e s t

pentest.co.uk

why choose Pentest? We act as a trusted partner to organisations across the UK and globally, including large enterprises, public sector & private sector organisations of all sizes. But what truly sets us apart?

expertise and experience Our team of security consultants have years of proven experience and a depth of expertise in application layer security. We invest significant time in security research projects, honing and developing skills which allow our consultants to deliver the best possible results for your organisation.

dedicated support Every client is appointed a dedicated account manager to oversee the testing process. We give you access to our consultants throughout the engagement and provide your team with unparalleled post-test support.

tailored approach No two organisations are the same and neither are our services. We work closely with you to fully understand your goals, the nuances of your organisation, security challenges and priorities before we undertake any work.

added value Value is about more than just cost. Our value comes from scoping engagements accurately, our detailed reports, providing your team with post-test support, the expert knowledge we impart and by going above & beyond the tick box deliverables used by other information security providers.

additional range of services As part of Shearwater Group plc, we can offer a wide range of additional services based around risk management, assurance and digital resilience. This includes PCI DSS, ISO 27001, GDPR and Virtual Chief Information Security Officer (vCISO) solutions.

pentest.co.uk

pentest.co.uk

penetration_testinguncover vulnerabilities, protect your organisationPenetration testing is an in-depth investigation into specific networks, web and mobile applications, infrastructure or connected devices. Our services are delivered by experienced security consultants and are designed to simulate the actions of a threat actor, uncovering and classifying vulnerabilities which could be used to exploit and damage your organisation.

the benefits of penetration testing

protect your assets and reputation Organisations rely heavily on digital assets, whether that be web applications, infrastructure, third-party software, connected devices or supply-chain networks. These need to be tested on a regular basis, and if they were to be breached it could result in reputational damage.

prioritise improvement effortsPenetration testing allows you to identify and classify your most critical vulnerabilities, providing vital remediation advice. This gives you the information you need to make informed decisions regarding security and effectively prioritise ongoing improvement efforts.

provide security assurancesWhether you’re buying third-party software or developing your own solutions, ensuring security is essential for both your organisation and customers. Our penetration testing services can help provide these security assurances during development or as part of any procurement process.

gain security buy-in Obtaining budget for information security improvements can be difficult, especially when you don’t have a clear picture of the issues your organisation faces or your vulnerabilities. Our penetration testing can give you this picture, providing the support you need to gain security buy-in.

0161 233 0100 contact@pentest.co.uk

scoping We work with you to fully understand your organisation, the areas to be tested and the desired test outcomes. proposal & prerequisites A proposal will be drawn up outlining the planned scope of work and the preparations needed to start testing. testing Testing will commence once the proposal has been agreed upon and signed authorisation has been granted. ongoing communication Our consultants will communicate with you throughout the test, to your set requirements. reporting A comprehensive, quality assured report of test findings will be delivered. post-test support Our consultants will be available to offer guidance on any aspect of the report, as well as remediation efforts. retest You have the option to retest, ensuring reported vulnerabilities have been addressed.

our approach Every test goes through a rigorous process, ensuring you get the best possible outcome for your organisation. Below we outline the key stages our testing goes through:

Penetration testing comes in many forms and our services will be tailored to your requirements, as well as your security priorities. Our services include:

> External/Internal infrastructure > Web application > Mobile application > Wireless

> Cloud security > Embedded device/IoT > SCADA/ICS

Not sure what you need? Our team will be happy to discuss your options, helping prioritise your efforts based on your individual requirements.

what we test

p e n t e s t

scoping

proposal &prerequisites

testing

ongoingcommunication

reporting

post-testsupport

retest

pentest.co.uk

red_teamingone of the most advanced information security tests an organisation can undertakeRed teaming is designed to simulate the actions of a cyber-attack in the most complete, exhaustive and accurate manner.

Unlike penetration testing, red teaming is goal based and our consultants will utilise any route possible, within the set scope, to gain access to a privilege level or set of resources that could be highly impactful to your organisation.

These engagements can be useful to any organisation wishing to test their robustness in the face of cyber-threats. However, they are more suited to larger scale organisations that have a global presence and considerable attack surface, those that have critical assets they are required to protect, that have been undertaking regular penetration testing or have advanced internal security teams.

simulate an advanced real-world attackPersistent attackers will use a variety of techniques to achieve their goal. Our red team engagements simulate this threat and will look to exploit your organisation, within the set scope, to fully test defences and provide a realistic description of the timescales that might be involved.

secure your most important assets What are your organisation’s most important assets? It could be intellectual property, maybe it’s a customer database or even financial information. Whatever it is, it needs protecting and our red team engagements can provide the security assurances you need.

uncover wider vulnerabilities Red teaming has a much broader scope than other security tests, helping you uncover wider organisational vulnerabilities which could be used in conjunction to compromise sensitive assets or data.

support your internal security teams Red teaming can help determine how effective your internal security teams are at providing defence and at reporting issues. Following the engagement, we will work with you and your team to improve security posture and internal response to an attack.

the benefits of red teaming

what we test

Our consultants will look to understand your digital estate, testing it for vulnerabilities.

technology technologyWe can target your people using a variety of methods. Attempting to exploit credentials and gain access.

people

We are experienced in physical red team operations & can attempt to gain access to premises unchallenged.

physical security

Once inside a network, we will look to expose security processes such as ineffective password management.

process

p e n t e s t

0161 233 0100 contact@pentest.co.uk

scoping We will work with you to ensure goals are defined, communication requirements set and everything is in place before we start the test. testingOur tests can include: OSINT & reconnaissance, vulnerability discovery, exploitation including social engineering, post-exploitation & persistence.

ongoing communication We communicate with you throughout the engagement, updating on progress and discussing potential future actions. reporting A full test report will be delivered at the end of the assessment, providing an in-depth review of findings, a timeline of activity and our remediation advice. post-test support We provide access to consultants after the report, allowing you to address specific concerns and to provide advice. retest We offer an optional period of retesting to allow you to verify issues have been mitigated successfully.

our approach Red team engagements are complex and our approach will be unique to your organisation, security posture, digital estate and the goals set. Broadly speaking, each assessment will go through the following stages:

Our consultants will look to gather information from multiple sources, utilise various techniques and attempt numerous routes in order to achieve their goal. The routes we use are dependent on the scope set, but can include a combination of:

p e n t e s t

scoping

testing

ongoingcommunication

reporting

post-testsupport

retest

E > contact@pentest.co.uk T > +44 (0)161 233 0100

26a The Downs Altrincham Cheshire WA14 2PU

pentest.co.uk

_____ _ _ _ _ _ | __ \ | | | | | | | | | || |__) |__ _ __ | |_ ___ ___| |_| | | |_ __| || ___/ _ \ ‘_ \| __/ _ \/ __| __| | | __/ _` || | | __/ | | | || __/\__ \ |_| |___| || (_| ||_| \___|_| |_|\__\___||___/\__|______\__\__,_|

p e n t e s tI N F O R M AT I O N S E C U R I T Y A S S U R A N C E