The first penetration test then follows in quarter 1. This is usually a physical penetration test.
With our physical pentest, we can see how knowledgeable the staff is about cyber security within the company.
The goal is to realistically simulate a physical security attack. In this way, our trained intruders can make security vulnerabilities within your organization visible to you and your staff.
Our experienced security experts perform a thorough pentest in an effective way. They attempt to gain access to vital or business-sensitive information as quickly as possible.
Without you noticing, third parties can easily gain access to your data and processes. It is therefore critical that every organization regularly examine its resilience or security level.
Who has access to key data and processes? How secure is your organization? What is the worst-case scenario? Virtually every organization faces weak links in security. We show you and your employees that certain vulnerabilities can lead to permanent damage to your business processes.
This may involve asking a few questions over the phone and seeing how much information we can obtain along the way. But we also visit the workplace in person to see how people react to certain situations, such as accepting a package from the Bpost courier. Someone is sent to observe these situations and try to abuse them.
The duration of our pentest depends entirely on the intended goal, the chosen method and the available budget. Usually we work with a timeboxed pentest, which we calculate at 8h: the pentest takes place within an agreed maximum duration, and as many vulnerabilities as possible are identified within the allotted time. If desired, we can of course deviate from this at any time.
For our pentests, we always start with an intake meeting with our pentester. In addition to a general introduction, we discuss the scope of the test, the method of approach, the available budget and the timeframe of the test. Then the actual pentest takes place.
Demonstrating the impact of a vulnerability enables a client to estimate which vulnerabilities have the greatest impact on his or her organization and therefore deserve priority. When our expert discovers weaknesses at an external party, that party is notified so they can take action. This ultimately increases your security level as well.
After the execution, our expert draws up a report containing the findings, conclusions and recommendations. All external pain points of your organization are also reported via a management letter.
All reports of each individual pentest are stored encrypted in a so-called “cryptocontainer”, so they are safely protected from the outside world. In addition, we give a presentation at the quarterly meeting so that together we can look for the most secure solution for certain situations.
Internal security analysis
The internal security analysis is always held in the first quarter after the external pen test.
This means that an expert from our company comes to the work floor to work with the person responsible for internal security to see what improvements can be made to keep security as high as possible.
An entire checklist is completed and thoroughly checked. We also draw on the experience of our expert to spot certain points that many people overlook.
This checklist is then forwarded to the person responsible in your company and can, if desired, always be reviewed at our quarterly meeting.
Some of the points that are checked are:
- Access points
- Camera coverage area
- Natural disaster risks
- Man-made disaster risks
- Protection against external and environmental threats
- Dumpster diving
- Maintenance facilities
- Hatches and vents
- Access points (doors, gates, turnstiles, windows, docks, elevators, stairwells,…)
- Offices, rooms and facilities with restricted access
- Suitability of camera coverage
- Alarm types
- Access badge
- Removal of access rights