Get more than just a pen test. Cyber protection 365 days a year.
Penetration testing, also known as pen testing, is a detailed test of your IT infrastructure security performed by specially trained and qualified ethical hackers – called penetration testers. Penetration tests simulate a real-world attack by a skilled hacker by methodically testing your applications and infrastructures for security weaknesses. Unlike a real attack, pen tests are conducted in an authorized, orderly and safe manner.
Penetration tests typically check for misconfigurations, outdated software and logical flaws. Pen testers will also look for ways to escalate privileges if they manage to gain access, making it important that even low-level systems are included in a pen test scope.
Penetration testing enables you to quickly find your security flaws, giving you the chance to fix them before a hacker exploits them. Penetration testing is highly beneficial to businesses of all sizes:
A complete range of penetration testing customised to your exact requirements.
Enterprise security shouldn’t have to be expensive, so we include many powerful features as standard.
many more features!
Evaluate your external-facing systems for security vulnerabilities with expert testers who work with you to strengthen your security perimeter. Easily track your results and remediations from your Threat Dashboard.
Read more about penetration testing
Live data from penetration tests, VA scans and threat intelligence against your assets, feeds into a central dashboard showing you exactly where your critical risks lie and the severity of each threat.
Read more about our features
Train your staff to spot malicious emails and test your incident response plan regularly with our easy-to-use phishing campaign tool. Fully managed phishing campaigns can also be built to suit your own tailored requirements (Business package only).
Read more about phishing simulator
It’s best practice to run regular vulnerability scans to complement your pen testing schedule. This feature makes it easy for you to schedule regular scans or perform a quick on-demand test.
Read more about vulnerability scanning
Security analysts search your systems’ logs to provide real-time analysis of security alerts from your network and applications, including Office365. Choose our full managed service for 24/7 proactive protection.
Read more about log monitoring
Advanced anti-virus and anti-malware gives you peace of mind that every workstation, server, mailbox and mobile device is protected at all times.
Read more about endpoint protection
Engaging video training that covers all the essential security topics is combined together with exams to ensure your staff are fully trained and tested. In addition, you can get access to live instructor-led training from fully qualified security experts.
Read more about training and exams
Get a comprehensive audit of your business against the government backed Cyber Essentials scheme. Conducted by expert consultants, you can be confident you have the right technical controls in place.
Read more about cyber essentialsChoose a Defense.com™ package with a penetration test to evaluate your external-facing systems against known and unknown vulnerabilities. You can identify threats and take action to strengthen your security perimeter and prevent data breaches.
All of our penetration testers are experts in their field, and hold industry-recognized qualifications such as CREST, OSCP, CISSP and more.
Receive a detailed report showing the results of your pen test. Any threats are automatically added to your Defense.com™ Threat Dashboard for remediation.
Security shouldn’t wait, so your penetration test will be scheduled quickly at a time that suits you. Reports are delivered within 7 days of a completed test.
Security consultants will be on-hand to help you strategize, set action plans and review policies.
Around the clock support to ensure you are getting the best protection from every feature.
24/7 emergency support for security events, cyber incidents, and data breaches.
Regular penetration testing is a fundamental part of running a modern business. Cyberattacks increase steadily year-on-year across all markets and sectors, making pen testing a core consideration for businesses of all sizes.
In addition to keeping safe from cyber criminals, pen testing can help to increase customer confidence in your services. Regular penetration testing from a reputable provider such as Defense.com™ demonstrates that you take security seriously, which will prove to your existing and prospective customers that you can be trusted with their data.
There are many different types of penetration tests available. The scope of your test will depend on exactly what systems or applications you are looking to check. Here are some common types:
Infrastructure pen testing, also known as network pen testing, focuses on the hardware, firmware, and operating systems in your IT estate. This includes things like servers, network devices, and virtualized environments.
Application penetration tests focus on applications that are hosted on the underlying infrastructure, rather than the infrastructure itself. This could be web apps and APIs, or it could be mobile apps, such as iOS and Android penetration testing.
Cloud penetration testing audits the security of your cloud-based infrastructure, applications and services. AWS, Azure and GCP-hosted systems are the most commonly tested.
Internal infrastructure or authenticated application tests simulate the damage a malicious attacker could do if they were to breach your network perimeter or phish login credentials for an application. It’s a much more involved test, and also models the impact of a rogue employee or other insider threat.
External/unauthenticatedExternal infrastructure or unauthenticated application tests explore what damage a malicious hacker could achieve without privileged access. It’s a quicker test that models the more common ‘opportunistic’ type threat actor.
A Defense.com™ penetration testing engagement is split into several distinct stages:
This is where the scope is discussed and defined, and the ultimate goals of the pen test are analyzed and set. This stage will determine the types of testing activities and is essential for a professional and productive test outcome.
Having a good report is the key to getting good value from a penetration test engagement. Defense.com™ reports are split into Executive Summary and Technical Breakdown sections, and it includes crucial remediation advice.
The detail in pen test reports should include:
It’s a good idea to seek a sample report before engaging a pen test provider – this way you’ll know what you can expect to receive. If a report is full of jargon and difficult to decipher, its use to you is limited. Defense.com™ follows best-practice standards for undertaking a pen test, including OWASP and PTES.
When defining a penetration test, it is important to define how much information is disclosed up-front, also known as the box color:
A black box test is where almost nothing is known about the target environment ahead of the test. Whilst this positions the tester in a similar position to a real-world hacker, it means precious test time is wasted on simple discovery tasks.
A white box test is where everything about the environment, possibly even the source code, is known by the pen tester ahead of the test. Whilst this has the potential to make for a very thorough test, it’s not reflective of a real-world hack, and can cause the scope to become diluted.
There’s also a third option; as the name implies, a gray box test is a mix of white and black box tests, where the pen tester has limited information about the target environment. This is a ‘best-of-both-worlds’ approach and often leads to tests with the best – and most cost effective – outcomes.
We’ve always been very impressed with the cyber security services provided to us. Their professional approach, knowledge and flexibility have ensured they have become a key trusted partner in our supply chain.
